Important Update: Phishing Attempt Impersonates Chief Executive
Dear colleagues,
We want to make you aware of a recent phishing attempt that targeted one of our staff members. The email appeared to come from our new Chief Executive and requested that the recipient contact her via WhatsApp or text. This is a classic example of channel-switch phishing, where attackers try to move conversations away from secure systems to pressure individuals into doing something.
Why This Is Concerning
Impersonating the Chief Executive or senior managers is a serious threat. It can erode trust, compromise sensitive information, and even lead to financial loss. These types of phishing attacks are designed to bypass our usual email monitoring and approval processes.
The fact that this occurred within three months of the Chief Executive taking up post is a clear indication that Moray Council is being actively monitored by cyber criminals.
Also, be aware that these emails are still being received sporadically. Hopefully they will be blocked, but we can never guarantee this, as attackers often update their methods.
Why These Attacks Work: The Psychology Behind Phishing
This phishing attempt is an example of how cyber criminals exploit human psychology to try to manipulate behaviour. There were a few psychological tactics used in this email, which we need to be aware of:
- Authority Bias: By impersonating the Chief Executive, the attacker leveraged our natural tendency to comply with requests from figures of authority. This makes the message seem more legitimate and harder to question.
- Urgency and Secrecy: The request to contact via WhatsApp or text, often accompanied by phrases like “do this now” or “don’t tell anyone”, creates pressure and stress. This reduces our ability to think critically and encourages quick, unverified action.
- Social Engineering: The attacker was likely aware of the Chief Executive’s recent appointment, making the communication appear plausible, as this could be dismissed as ‘the new style of working’, thereby lowering suspicion.
Key Warning Signs
Please remain alert to the following red flags:
- Unexpected communication: The Chief Executive or members of the Senior Management Team (SMT) rarely contact staff directly without copying in line managers or heads of service.
- Requests to switch platforms: Be cautious of any invitation to continue the conversation via WhatsApp, SMS, or personal email.
- Urgency or secrecy: Phrases like “do this now” or “don’t tell anyone”, are common tactics used to create pressure.
- Unusual requests: Anything that deviates from standard procedures or feels out of place should be treated with suspicion.
What You Should Do
- Pause and verify: Do not click on links or respond immediately. Check the sender’s email address carefully and look for typos or unusual formatting.
- Use official channels: If in doubt, start a new email using the Moray Council Global Address Book and include your line manager or head of service.
- Report suspicious messages: Forward the email (with headers) to ict.servicedesk@moray.gov.uk and flag it as “Phishing” in Outlook.
- Don’t use non-work platforms: Never share passwords, financial details, or confidential information via personal messaging apps. Always use Teams or your Moray Council email for work-related communication.
Stay Vigilant
Cyber threats are constantly evolving. Please remain cautious, especially when receiving unexpected messages from senior staff. Whilst this exact email may not reappear, similar tactics are likely to be used again. Understanding these tactics helps us stay alert. If something feels off—even slightly—pause and verify before responding.
If you have any questions or concerns, contact the IT Helpdesk at ict.servicedesk@moray.gov.uk or call extension 3333.