Tech Weekly News Update

We had a big email phishing scare this week, and I can say it was truly a learning experience! We believe this cyber threat has been resolved, but we want to send out a few reminders regarding malicious email attacks. It can happen to anyone at anytime. It is the world we live in. We must stay vigilant and not let our guard down. The good news is that we were able to identify the hack, sign out of the Office 365 account and change the password. As soon as these steps were taken, the hacker could no longer login to the teacher's email.

Clever engineering went into this email hack. The original email came from a colleague

from another school that had also fallen for the phishing scam. The email included a button labeled “Review and sign,” which looked like a legit message from Adobe Acrobat Sign. Once the button was clicked on, it redirected the user to a page to view the document. However, in this malicious message, the button is linked to a phishing site designed to look like a Microsoft 365 login page. If the user enters their username and password, the hacker will steal, save, and exploit their credentials. Once the hacker had the login information, they were able to login to the teacher's email. They do not always act immediately. They spend time exploring your email for personal identifiable information (PII). After they are done searching for any PII, they will send out a mass phishing email as in our case they sent emails to our listserv and every contact that has ever been emailed to try gain more access to PII and infiltrate our school domain. Is this serious? You bet it is! Please alert us with any unusual occurrences. In cases like this, time is critical! The faster we can get the password changed the sooner the hacker can be stopped. One other important factor with this incident - after the teacher entered the login credentials, NOTHING HAPPENED. There was no document to sign. That is a huge red flag!

If you clicked on the the "Review and sign" or anything in that email, we highly recommend that you change your password. The sooner you are able to change your password, the sooner you can STOP the hacker! If you are at school on your teacher desktop, press Ctrl Alt Delete. You will see a blue screen. Click on change password and proceed. If you are not at school, sign out of your account and contact Chris or Julie ASAP. Text or email us, or if you are unable contact us, contact your campus principal. We are able to change your password off site.

1. An Unfamiliar Tone or Greeting

The first thing that usually arouses suspicion when reading a phishing message is that the language isn’t quite right – for example, a colleague is suddenly over familiar, or a family member is a little more formal. If a message seems strange, it’s worth looking for other indicators that this could be a phishing email.

2. Grammar and Spelling Errors

One of the more common signs of a phishing email is bad spelling and the incorrect use of grammar.

3. Inconsistencies in Email Addresses, Links & Domain Names

Another simple way to identify a potential phishing attack is to look for discrepancies in email addresses, links and domain names.

4. Threats or a Sense of Urgency

Emails that threaten negative consequences should always be treated with suspicion. The scammer hopes that by reading the email in haste, the content might not be examined thoroughly so other inconsistencies associated with a phishing campaign may pass undetected.

5. Suspicious Attachments

If an email with an attached file is received from an unfamiliar source, or if the recipient did not request or expect to receive a file from the sender of the email, the attachment should be opened with caution.

6. Unusual Request

If the email is asking for something to be done that is not the norm, then that too is an indicator that the message is potentially malicious.

7. Short and Sweet

While many phishing emails will be stuffed with details designed to offer a false security, some phishing messages have also been sparse in information hoping to trade on their ambiguity

8. Recipient Did Not Initiate the Conversation

Because phishing emails are unsolicited, an often-used hook is to inform the recipient he or she has won a prize, or will benefit from a discount by clicking on a link or opening an attachment. In cases where the recipient did not initiate the conversation by opting in to receive marketing material or newsletters, there is a high probability that the email is suspect.

9. Request for Credentials, Payment Information or Other Personal Details

One of the most sophisticated types of phishing emails is when an attacker has created a fake landing page that recipients are directed to by a link in an official looking email. The fake landing page will have a login box or request that a payment is made to resolve an outstanding issue. If the email was unexpected, recipients should visit the website from which the email has supposedly come by typing in the URL – rather than clicking on a link – to avoid entering their login credentials of the fake site or making a payment to the attacker.

10. See Something, Say Something

Identification is the first step in the battle against phishers. Chances are if one employee is receiving phishing emails, others are as well.

Thanks to everyone for reporting, communicating, and getting those passwords changed quickly! Acting fast to report suspicious emails provides time for incident response and to help provide the information needed to rapidly respond to potential phishing attacks and mitigate the risk from those that may fall prey to them. More to come next week!