Local school districts continue to experience significant phishing email campaigns. Typically, these phishing emails ask the recipient to click a link and provide personal information, such as an email password. The emails might appear to come from the district, a staff member, or another district’s employee, but are in fact malicious. For example, when someone clicks a “Docusign” link and signs in via the Google sign-in, they aren’t where they think they are. The payload, as shown below, actually captures the login and signs the user in, but also gives some access to bad actors.

Our district and other districts will never ask a staff member, student, or parent/guardian to provide a password or personal information via email. Some variants of the phishing emails in circulation are listed below. If you receive any of these, do not click on any links. At a minimum, ignore/delete them, but ideally, click the phish hook so that the email can be reported; if it is found malicious, we can easily click a button and remove it from all other inboxes that might have it.

- A phishing email with the subject line “(Staff Member Name) Shared a Document” that appears to be sent from DocuSign on behalf of a district employee. If you receive such an email, DO NOT open the blue DocuSign link towards the bottom of the email. Ignore/delete the email or, better, click the phish hook.
- A phishing email with the subject line “Action Required – IMPORTANT UPDATE” that appears to come from a district department, such as the technology department. If you receive such an email, DO NOT click on the link or copy and paste the link into your browser. Ignore/delete the email or, better, click the phish hook.
- Other subject line variants:
  - Final Notice – Action Required
  - Final Notice – Action Required to Prevent Account Deletion
  - Act Now…

Finally, if you have a district account that has been impacted by one of these campaigns, please submit a help desk ticket for assistance. If a personal email address is impacted by a phishing email, please contact your email provider for assistance. For other sensitive accounts, try to improve their security posture by enabling two-factor authentication.

Unfortunately, phishing emails continue to be a threat in our digital world. For more tips on identifying and preventing phishing emails from impacting you, review the Secure Our World Phishing Tip Sheet shown below.







Phishing is a digital form of social engineering that uses authentic-looking emails to trick users into sharing personal information. It usually includes a link that takes the user to a fake website. If you cannot verify the source, do not open the link. Report suspicious messages to your IT team.
Social media exploitation is where the attacker uses information found on a user’s social media profiles to create a targeted phishing attack.
Fake IT Support calls are a common form of impersonation where someone pretends to be an authorized user or administrator in an attempt to gain illicit access to protected data systems. The attacker has enough information to sound credible, and they ask the user for some bit of information that will allow the attacker to gain access to the desired system.
Scareware is a type of baiting where false alarms or fictitious threats lure the user into a trap. One example is the attacker convincing a user that their system is infected with malware and that they should install software granting remote access. Another example is the attacker claiming to have sensitive videos which will be released if the user does not pay.
Tailgating, also known as “piggybacking”, is where an unauthorized person manipulates their way into a restricted area, such as impersonating a well-known role (e.g., delivery driver or custodian worker) or asking a user to “hold the door”.
Shoulder surfing is where an unauthorized person stands near a user to get the user’s password or other data from the user’s computer monitor.



