[This posting from Dearborn Public is worthwhile and applicable in our district too.] With the holidays fast approaching, a rise in phishing attacks is traditionally seen as well. Phishing attacks can be frustrating to deal with. The best defense is to not fall for them in the first place. Unfortunately, we are seeing phishing attacks become “better” (i.e. harder to detect) and more polished.
What Phishing Does
Phishing is an attempt to do one of two things
- Tricking users into revealing their credentials.
- Getting users to install malware.
Credentials
Quite frankly, your credentials are very valuable. For many of our users, district credentials lead to student information, lots of valuable district information and more. Plus, many users “reuse” passwords. So, learning a user name and password on one site can lead to the ability to log into other sites.
Protecting Against Phishing
We employ several strategies to prevent phishing attempts from ever reaching our users. However, even the best of all of these combined will not be perfect. Occasionally, phishing attempts will land in your inbox.
Tips to Identify Phishing Attempts
- Be suspicious of “odd” grammar and punctuation
- Be suspicious of “odd” wording
- You probably didn’t “win” a gift card (especially if you never entered a contest)
- Be wary and wise about contests
- Be aware of “urgent” deadlines
- Watch out for shortened URLs
- Look at where the link is actually taking you
- Carefully review the actual URL of the site that you are on
Spear Phishing
Spear phishing is targeted at specific individuals. Unlike phishing (which usually blankets a wide variety of users), spear phishing aims to trick high profile targets into giving up their credentials.
Preventing Becoming a Victim
It is important to prevent becoming a victim.
- Use the Tips to Identify above.
- Turn on 2-Step or 2-Factor Authentication (here’s how for your Google account)
- Use a Password Manager.
- Be suspicious (especially when on a mobile device).
- Instead of clicking on a link, enter the URL of a website that you want to visit (or use a known bookmark)
[Please note, the P-CCS Tech department will periodically send out training exercises or notes to help staff hone and heighten their skills to avoid falling victim to a phishing campaign.]