Spearphishing campaign targeting multiple government departments

The NCSC is aware of a current spearphishing campaign targeting a wide number of government sector employees. To the recipient, the spearphishing email appears to be sent from a legitimate but spoofed (i.e. using a forged sender address) email address.  The NCSC recommends all government IT Security Managers advise employees not to follow the hyperlink contained in the body of the spearphishing email.