Cyber Security Alert


Summary of alert:

We have been made aware of a cyber alert from NHS Digital about SkinnyBoy. First observed in March 2021, SkinnyBoy is a backdoor and information stealer that is distributed via phishing email.
SkinnyBoy is delivered via a phishing email that contains a Microsoft Word document with a name relating to an international conference. The Microsoft Word document contains a macro, which when executed will extract a downloader in the form of a DLL. This then downloads SkinnyBoy.
We recommend you exercise heightened vigilance when it comes to emails with attachments, especially as outlined above referring to an international conference.

What is email phishing?

"Phishing" emails will usually provide a link to a bogus website designed to look official, where the end-user is required to enter sensitive account information, such as bank details or credentials for email accounts.

How can you spot malicious emails?

These emails can vary in sophistication - some are very obvious, and easy to spot, whereas others may be more difficult. As a rule, if you receive a suspicious email, you will be able to ascertain whether it is genuine by following these steps:
• Hover over the sender's name and take careful note of the email address. Check that the domain name is correct, and there aren't any misspellings
• Be wary of attached files. If the message has a ".exe", ".scr", ".zip", ".reg" or ".bat" file attached, consider this a red flag
• If you receive an email from an organisation requesting urgent payment of an invoice, consider first whether this is something you expect
• If in doubt, contact the sender by phone or email (ensuring the email you're replying to is correct) to confirm whether the email is genuine
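
For staff who triage reported messages, the sender-domain and attachment checks above can be run automatically over a raw message. The Python below is an added example, not part of the original alert or any NHS tooling; the `expected_domain` parameter, the `nhs-net.example` lookalike address and the sample message are constructed for illustration. It goes slightly beyond the extension list by also flagging zip-based Office documents that carry a VBA project, since the alert describes a macro-bearing Word attachment; legacy binary .doc files are not covered.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the alert lists as red flags.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".reg", ".bat"}

def has_vba_macro(data: bytes) -> bool:
    """True if data is a zip-based Office file that contains a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # legacy OLE .doc files are outside this check
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage(raw: bytes, expected_domain: str) -> list[str]:
    """Return red flags for one raw message; expected_domain is an assumed
    known-good sender domain supplied by the caller."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    addresses = msg["From"].addresses if msg["From"] else ()
    for addr in addresses:
        if addr.domain.lower() != expected_domain:
            flags.append(f"sender domain {addr.domain!r} is not {expected_domain!r}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            flags.append(f"risky attachment type: {name}")
        if has_vba_macro(part.get_payload(decode=True) or b""):
            flags.append(f"macro-enabled document: {name}")
    return flags

def build_sample() -> bytes:
    """Constructed sample: lookalike sender plus a fake macro-enabled Word file."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"] = "Events Team <events@nhs-net.example>"
    msg["Subject"] = "Conference invitation"
    msg.set_content("Please see the attached agenda.")
    msg.add_attachment(doc.getvalue(), maintype="application",
                       subtype="octet-stream", filename="agenda.docm")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="viewer.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample(), expected_domain="nhs.net")))
```
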

What action is required when you receive malicious emails?

If you believe you have received a malicious email, please follow the guidance below to assist NHSmail in improving its filtering processes:

Using the NHSmail Portal (Outlook Web App):
Step 1 – Forward the email to spamreports@nhs.net as an attachment for virus analysis and central trend monitoring:

1. Click on the Spam Email in the reading pane to select it
2. Click on the New mail icon in the top left of the screen
3. Drag and drop the spam email from the email list into the body of the new blank email
4. Type spamreports@nhs.net in the To: field
5. Enter the appropriate subject text
   Note: It is recommended that you use spam, phishing or malicious depending on the type of email you are reporting
6. Click send

Step 2 – Permanently delete the suspicious email (bypassing the deleted items folder)

1. Select the suspect email from your email list.
2. Hold down the ‘Shift’ key and press the ‘Delete’ key.
3. Click ‘Yes’ to confirm if a warning dialogue appears.

Using Microsoft Outlook:
Step 1 – Forward the email to spamreports@nhs.net as an attachment for virus analysis and central trend monitoring:
1. Select the suspect email from your email list.
2. In the Outlook ribbon in the respond area, select ‘More’ and then select ‘Forward as Attachment’.
3. In the email window that opens, add spamreports@nhs.net as the recipient in the ‘To’ field.
4. Click the ‘Send’ button.

Step 2 – Permanently delete the suspicious email (bypassing the deleted items folder)
1. Select the suspect email from your email list.
2. Hold down the ‘Shift’ key and press the ‘Delete’ key.
3. Click ‘Yes’ to confirm if a warning dialogue appears.

If you suspect your PC or laptop has become infected, please turn off your device, remove the power and network cable and then report it to the CRC (service desk).