Aberdeen School District #5
What is Phishing?
Phishing is the act of sending fraudulent emails that appear to come from legitimate senders, companies or organizations, with the intent to compromise passwords, obtain sensitive data, or extract money, gift cards or other items of value.
Industry estimates put phishing at the start of more than 90% of data breaches, making it one of the most common methods used to gain access to sensitive information.
Phishing emails will often appear to be from administration, governing organizations, or other entities related to the user's role. A phishing scam may attempt to obtain cash, gift cards, payment card data or sensitive information, take control of your device, or take control of network resources.
A phishing attack succeeds when the user replies to the email, opens an attachment containing malicious software, clicks a link to an external site, or enters sensitive data such as account names and passwords.
How to identify Phishing emails:
In some cases it can be difficult to identify a phishing email, because it is designed to appear to come from a known sender, often someone you feel obligated to respond to quickly. Look for the following indicators when reading and responding to any email:
- The email creates a sense of urgency
- It plays on emotion, using fear, empathy, greed or similar feelings to provoke a response
- The request involves sensitive data (such as usernames or passwords), a request for money, or a change that affects access to money, e.g. direct deposit details or money orders
- It contains links to outside sites, or prompts you to reset an account or to enter a username or password
Some phishing scams now include a notification box or banner in the message claiming that it has been "verified" or "scanned" and is OK. Be aware that our email system only provides warnings and never marks a message as validated. If you see a validation or verification notice inside a message, treat it as a red flag and proceed with caution, as it may be part of the phishing attempt.
If you see a notification (yellow block) that the reply-to address differs from the sender, proceed with caution. This feature was turned on as a safety measure, but note that the same warning appears on many automatically generated messages, such as those from Skyward and other systems, where replies go to a valid user within asd5.org.
While there are many tools and processes which stop most malicious emails from getting to the inbox, they will never stop them all. User education and correct action is our best defense.
How to avoid being victim to a phishing attack
Email is one of the district's primary communication tools, both within the district and with outside contacts. In the last year (2018), phishing scams have increased significantly, becoming more personalized and targeting specific personnel. It is important to treat every email you receive as a potential phishing email. Look for key identifiers such as a sense of urgency, unusual wording or vagueness, and messages that ask for nothing more than a reply. Many mobile mail clients hide the sender's actual address, which makes a spoofed sender harder to recognize; use extra caution when responding from a phone.
If you suspect or have doubts about an email, review the details of who sent it. Check the sender's email address (not the displayed name) and the reply-to address (not the displayed reply name), and verify that they match a known sender. When an attacker is trying to fool you, the address will often look almost, but not quite, right.
Examples (based on real phishing attacks):
(Likely from your boss) (Phishing Attack)
email@example.com vs firstname.lastname@example.org
In this example the attacker has created a gmail account that looks almost identical to the actual district account.
(Likely from your boss) (Phishing Attack)
email@example.com vs firstname.lastname@example.org
In this example, the district was able to block the first gmail account used in a phishing attack. The attacker then created another gmail account that looks almost identical both to the first phishing address and to the actual district account: they switched the "g" for a "q", which is easily mistaken for the correct address.
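The two checks described above (the reply-to warning and comparing the real sender address against known senders, including the g/q swap) can be automated for triage. The following script is an added example, not part of the district's page or its mail system. It uses only the Python standard library; the district domain asd5.org comes from the page, while the staff directory, the confusable-character table and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed for this example: the district domain named on the page and a
# hypothetical staff directory (address -> display name). Not real accounts.
TRUSTED_DOMAINS = {"asd5.org"}
KNOWN_SENDERS = {
    "meg.jones@asd5.org": "Meg Jones",
    "payroll@asd5.org": "ASD5 Payroll",
}

# Character swaps that are easy to miss when skimming an address: the g/q swap
# from the page plus a few other common ones. Illustrative, not complete.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("q", "g"), ("0", "o"), ("1", "l"), ("3", "e")]


def normalize(s):
    """Lower-case and fold look-alike characters so 'meq' compares equal to 'meg'."""
    s = s.lower().strip()
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_addr(addr):
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def analyze(raw_message):
    """Return the list of findings a triage script would attach to one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_local, from_domain = split_addr(from_addr)
    findings = []

    # 1. The "yellow block" check: Reply-To differs from the sender. A reply that
    #    stays inside the district (Skyward-style notifications) is only a note.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        _, reply_domain = split_addr(reply_addr)
        if reply_domain in TRUSTED_DOMAINS:
            findings.append(f"note: replies go to {reply_addr.lower()} (inside the district)")
        else:
            findings.append(f"warning: replies go to external address {reply_addr.lower()}")

    # 2. Sender is outside the district: compare the real address, never the
    #    display name alone, against what staff would expect to see.
    if from_domain not in TRUSTED_DOMAINS:
        for known_addr, known_name in KNOWN_SENDERS.items():
            known_local, _ = split_addr(known_addr)
            if from_name.strip().lower() == known_name.lower():
                findings.append(f"warning: display name '{from_name}' matches {known_addr} "
                                f"but sender is {from_addr.lower()}")
            a, b = normalize(from_local), normalize(known_local)
            # free-mail copies ("meg.jones.asd5@gmail.com") and one-character
            # swaps ("meq.jones"); the length guard avoids matching short names
            if (len(b) >= 5 and b in a) or edit_distance(a, b) <= 1:
                findings.append(f"warning: sender {from_addr.lower()} imitates {known_addr}")
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(normalize(from_domain), normalize(trusted)) <= 1:
                findings.append(f"warning: domain {from_domain} is a look-alike of {trusted}")
    return findings


# Constructed sample messages modelled on the situations described on the page.
SAMPLES = {
    "legit": "From: Meg Jones <meg.jones@asd5.org>\nSubject: Staff meeting\n\nSee agenda.\n",
    "skyward_notice": ("From: Skyward <noreply@asd5.org>\nReply-To: meg.jones@asd5.org\n"
                       "Subject: Attendance\n\nAuto-generated.\n"),
    "lookalike_gmail": "From: Meg Jones <meg.jones.asd5@gmail.com>\nSubject: got a minute?\n\nhey\n",
    "g_for_q": ("From: Meg Jones <meq.jones.asd5@gmail.com>\nReply-To: meq.jones.asd5@gmail.com\n"
                "Subject: got a minute?\n\nhey\n"),
    "typo_domain": "From: ASD5 Payroll <payroll@asd5.orq>\nSubject: Direct deposit update\n\nhi\n",
}


def triage_all():
    return {name: analyze(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(name, "->", findings or ["clean"])
```

The substring and edit-distance comparisons run on the normalized local part, so a "q" typed for a "g" no longer hides the copied name. The confusable table is deliberately small; a production filter would use a fuller homoglyph list and a real staff directory, and would still only produce a warning for a human to act on.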
In addition to checking the sender, avoid sending short, vague messages without specific context to fellow staff. A message such as "hey, got a minute?" or anything similar should be an instant red flag for all users.
What to do if you have received a phishing email
If you have received an email which you believe is a phishing scam, do the following:
- Do not respond to the email
- Check the sender's email address (not the displayed name), looking for misspellings and for anything unusual in the domain (the portion after the @ symbol)
- Report the email to the technology department as soon as possible by calling ext. 2035 or forwarding the email to email@example.com. Once reported, the technology department
- Mark the email as phishing (not spam)
If you have any questions regarding phishing attacks or any other technology safety concerns, please don't hesitate to contact the ASD5 Technology Department.