According to the report, the new scam relies on making the attacks look like legitimate emails sent by administrators. The victims are told that the emails (which use the name of the school, but not the same domain) are part of a database update and that they need to reply if they want to keep their current email accounts.

The victims are then asked to provide the so-called admins with various details such as user names, passwords and date of birth.

According to the Internet Storm Center blog, the standard phishing email looks something like this:

“Subject VERIFY YOUR xxxxxx EMAIL ACCOUNT NOW
Dear xxxxx Email Account Owner,
This message is from xxxxx messaging center to all xxxxx email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused xxxxx email account to create more space for new accounts.
To prevent your account from closing you will have to update it below so that we will know that it’s a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ………. …..
EMAIL Password : …………….
Date of Birth : ……………..
Country or Territory : ……….
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.”

Basically, one can easily spot such an attack by looking closely at the reply address, which is external to the organisation. If it is, just mark the message as spam and let the Trash folder deal with it.
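The reply-address check described above can be automated on the mail side. The following is an added example, not code from the report or the Internet Storm Center post; `ORG_DOMAIN`, `ORG_NAME`, the prompt list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.edu"  # assumption: the school's real mail domain
ORG_NAME = "example"        # assumption: school name as used in the lure
CREDENTIAL_PROMPTS = ("username", "password", "date of birth")

# Constructed sample messages, modelled on the template quoted above.
PHISH = (
    'From: "Example Messaging Center" <accounts@example-upgrade.test>\n'
    "Reply-To: verify@freemail.test\n"
    "Subject: VERIFY YOUR EXAMPLE EMAIL ACCOUNT NOW\n"
    "\n"
    "CONFIRM YOUR EMAIL IDENTITY BELOW\n"
    "Email Username : ....\nEMAIL Password : ....\nDate of Birth : ....\n"
)
LEGIT = (
    "From: IT Helpdesk <helpdesk@example.edu>\n"
    "Subject: Scheduled maintenance\n"
    "\n"
    "Mail will be unavailable on Saturday from 02:00 to 04:00.\n"
)

def _domain(header_value):
    """Lower-cased domain of an address header, or '' if it is missing."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def check_message(raw):
    """Return the reasons a raw message matches the scam pattern (empty if none)."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From"))
    # A reply goes to Reply-To when present, otherwise back to From.
    reply_dom = _domain(msg.get("Reply-To")) or from_dom
    claims_org = ORG_NAME in (msg.get("From", "") + msg.get("Subject", "")).lower()
    reasons = []
    if claims_org and not _is_internal(from_dom):
        reasons.append("uses the school name but is sent from " + from_dom)
    if not _is_internal(reply_dom):
        reasons.append("replies go to external domain " + reply_dom)
    # Decode every text part so encoded bodies are inspected too.
    body = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in msg.walk() if p.get_content_maintype() == "text")
    asked = [p for p in CREDENTIAL_PROMPTS if p in body.lower()]
    if asked:
        reasons.append("asks the recipient for: " + ", ".join(asked))
    return reasons
```
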