This week’s safety tip is contributed by Marc Elliott, chief information officer in the school district’s Technology department. Great advice!
Defining “Phishing,” “Email Spoofing” and Business Information to Never Send Through Email
As we are all aware, there are sophisticated criminals across the globe who prey on the “human element” of a business’s employees to glean Personally Identifiable Information (PII) to steal identities, money and/or credit. These acts are very difficult to investigate, as the criminals use many methods to conceal their true identities and physical locations. It is very typical to see these scams performed through “Phishing and Email Spoofing” actions.
Phishing (Merriam-Webster definition): a scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.
Email Spoofing: A process in which a scammer changes the header information in an email to make it appear to have originated from somewhere or someone other than the true sender.
A common tactic for cyber criminals is to “phish” an entire organization or even a select few members. They “phish” the organization using a “spoofed” email which makes it look like it came from a reputable source such as a bank, a security agency or other employees in supervisory positions, including those in school districts. They will often try to get you to click a link where you will be taken to a page asking for personal information. They will also ask you to reply to the email and to attach files containing financial and/or personal information about you and/or your workplace.
To avoid falling victim to a phishing/email spoofing scam, there are some items to remember when responding to email.
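For readers who handle reported messages, the header changes described above can be checked mechanically. The following is an added example, not part of the district's tip: the function name `spoofing_signals`, the sample messages and every domain in them are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all domains and addresses are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.district.example; spf=fail smtp.mailfrom=mailer.example.net; dmarc=fail header.from=district.example
From: "Superintendent" <superintendent@district.example>
Reply-To: superintendent.office@freemail.example
Subject: Request for staff records

Please reply with the requested files attached.
"""
LEGIT = """\
Return-Path: <principal@district.example>
Authentication-Results: mx.district.example; spf=pass; dkim=pass; dmarc=pass
From: "Principal" <principal@district.example>
Subject: Staff meeting

Agenda attached.
"""

def _domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signals(raw_message):
    """List header inconsistencies that often accompany a spoofed From line."""
    msg = message_from_string(raw_message)
    signals = []
    from_dom = _domain(msg.get("From"))
    # A spoofed sender cannot read the real mailbox, so replies get redirected.
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signals.append("reply-to-domain-mismatch")
    # Return-Path is the envelope sender recorded at delivery.
    path_dom = _domain(msg.get("Return-Path"))
    if path_dom and path_dom != from_dom:
        signals.append("return-path-domain-mismatch")
    # Authentication-Results is stamped by the receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results") or [])
    for method in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{method}=(fail|softfail)\b", results, re.I):
            signals.append(f"{method}-fail")
    return signals
```

Treat the output as a reason to look closer, not a verdict: legitimate bulk mail sent through a third-party service can also show a Return-Path domain that differs from the From domain.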
- Never send social security, credit card and/or bank account information through email.
If someone requests that information through email, discuss the request with them personally (face to face or phone) and determine a more secure process for delivering that information.
- Never click a link in an email unless you are positive of the sender’s identity and intentions.
Clicking a link in a phishing email (spoofed or not) will often take you to a Web page that looks official (easy to fake) and asks for account numbers, passwords and other PII. Email links can also establish a discreet download of malware to your computer, such as ransomware, adware, viruses, trojan horses, etc.
- Exercise caution when sending PII, and be positive of the sender’s identity and intentions.
When responding to email requests for other types of PII (legal name, mailing address, birthdate, phone numbers, etc.), make sure you know who is making the request of you, that they have a reason for requesting it and that they are who they say they are.
- Be suspicious of poorly or generically addressed emails.
Oftentimes scammers will phish huge groups of people all at once (cast a huge net!) and will address the email generically. Upon seeing a poorly addressed email, immediately be suspicious. If you determine it is not authentic, delete it.
Unfortunately, in this era of the Internet, criminals will continuously attempt to scam people and businesses out of information, ultimately for monetary gain. Help protect yourself and the district by following the technology safety tips above when opening, reading and responding to email.
Remember… if you question the authenticity of an email, contact the sender directly or contact the Technology Help Desk at x6172 and we will help!