Local school districts continue to experience significant phishing email campaigns. Typically, these phishing emails ask the recipient to click on a link and provide personal information, like an email password. The emails might appear to be from the district, a staff member, or another district’s employee, but are in fact malicious. For example, when someone clicks a “Docusign” link and signs in via the Google sign-in, they aren’t where they think they are. The payload, as shown below, actually captures the login and signs the user in, but also gives some access to bad actors.
Our district and other districts will never ask a staff member, student, or parent/guardian to provide a password or personal information via email. Some variants of phishing emails circulating are listed below. If you receive any of these, do not click on any links. At a minimum, ignore/delete them, but ideally, click the phish hook so that the email can be reported and, if it is found malicious, we can easily click a button and remove it from all other inboxes that might have it.
- A phishing email with the subject line “(Staff Member Name) Shared a Document” that appears to be sent from DocuSign on behalf of a district employee. If you receive such an email, DO NOT open the blue DocuSign link toward the bottom of the email. Ignore/delete the email or, better, click the phish hook.
- A phishing email with the subject line “Action Required – IMPORTANT UPDATE” that appears to come from a district department, such as the technology department. If you receive such an email, DO NOT click on the link or copy and paste the link into your browser. Ignore/delete the email or, better, click the phish hook.
- Other subject line variants:
  - Final Notice – Action Required
  - Final Notice – Action Required to Prevent Account Deletion
  - Act Now…
Finally, if you have a district account impacted by falling victim to a campaign, please submit a help desk ticket for assistance. If a personal email address is impacted by a phishing email, please contact your email provider for assistance. For other sensitive accounts, try to improve their security posture by enabling two-factor authentication.
Unfortunately, phishing emails continue to be a threat in our digital world. For more tips on identifying and preventing phishing emails from impacting you, review the Secure Our World Phishing Tip Sheet shown below.