information technology department
Protect Yourself From Phishing, Smishing & Vishing
It Can Happen To Anyone
Phishing is a social engineering attack built to gain some degree of trust from people. This trust, whether a link is clicked on, an attachment is opened, or a false need is met, is meant to steal sensitive information, such as credit card credentials, banking account credentials, district-owned or personally managed accounts, and more.
Smishing is identical to the phishing definition above, but it is executed via SMS, better known as text messaging, as opposed to through emails or calls. Similar guidelines also apply to this concept of social engineering.
Vishing is another identical to the original phishing definition two slots above, but it is executed via voice calls, or serviced meeting providers, as opposed to being through email or text messages. Similar guidelines also apply to this concept of social engineering.
Identify "Callsigns"
Look for errors in capitalization, lack of punctuation, and other items that may not otherwise indicate a legitimate email. To be fair, some legitimate emails will contain errors, so this is only a potential for spotting.
If you did not ask for it, or it isn’t a regularly scheduled document or link, it may be an illegitimate attempt at stealing your information. In a recent example, a compromised email from another school district sent out a supposed survey to a number of our staff members. Although this may seem legitimate, as the subject matter was relevant to our organization and they sent it to numerous staff members, one must always remember that this information is freely available to all on our website.
This ties in with the “if you did not ask for it, or isn’t regularly scheduled” concept of phishing protection. Receiving requests for information, attachments, or suspicious links from a new sender is a classic red flag. Regardless of if the source is from another district, or seemingly even from our district, it could be fraudulent. Similarly, someone from another district that you last had contact with three years ago sending you a sudden attachment, link, or survey would be considered a red flag for phishing.
In other terms, an email with an official copy and pasted Microsoft header, or any other generally reputable corporation, should not be sent from “[email protected].” See below for a reference image regarding checking where an email came from. I would still remain cautious, even if it looks like it’s from a legitimate source, as there are many ways to spoof this data.
Additional "Callsigns"
Be wary of bills or invoices that you receive by email. If you aren’t expecting them, or don’t think you owe what is described, it may be a phishing scam.
Phishing may involve the names of loved ones or others you may closely associate with. If an email asks you to act on an instinct or you may face a penalty, there is a good chance that this is a red flag, especially if you are not expecting anything like it.
Believe me, I understand the irony regarding my own email greetings and signatures. Some greetings and signatures end up looking overly professional anyhow. That being stated, I mean to call attention to greetings like “Dear sir,” or “Dear madam,” not “Hi so and so.” This isn’t to say that scammers won’t use your name, but many of these scams tend to be sent out in the millions with generic openers and closings.
Please be wary of any documents that randomly show up in your Google Drive shared section. A recent report from another Montana school district indicates that this is another method scammers are using to attempt to phish K-12 staff members across the state and across the world as a whole.
Google Training Courses
Learn basic and advanced skills across Google tools with free of charge online training courses designed for educators of all levels.
