Another Day, Another PHISHING Attempt

Earlier this fall, William Stites, Director of Technology at Montclair-Kimberley Academy (NJ), shared this post about his school's experiences with and responses to several phishing attempts. The post confirms how frequent such attempts can be and how they have unfortunately become part of daily life at schools. Stites, who is also one of the co-hosts for the ATLIS Information Systems User Group, describes how phishing attempts provide an opportunity for training and education. -- SD

[15 min. read]

Guest Blogger: William Stites
(re-posted from williamstites.net, 28 April 2018)

It seems like you can’t get through a day without hearing about a new phishing scam out there, and today we were actually hit with two. I shared these with the employees at my school, along with two more examples of common phishing emails.

1. The “Headmaster” email.
When you get an email from your Headmaster, you generally want to answer it right away… but hold on. One recent scam we have seen uses the actual name of your school’s headmaster, but upon close examination, you can see that it is indeed not an organizational address.


But if you reply, what might happen? You’d be surprised, just as I was, to see the level of interaction that can go on before the recipient realizes this might be a scam.
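The mismatch described above (a trusted name in front of a non-organizational address) can also be checked automatically on inbound mail. The following is an added example, not part of the original post; the domain `school.example`, the name "Pat Headmaster" and the sample messages are constructed assumptions, and the Reply-To check goes slightly beyond the case shown in the post.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's mail domain and the
# names of people whose identity is worth protecting (lowercase tokens).
ORG_DOMAINS = {"school.example"}
PROTECTED_NAMES = [{"pat", "headmaster"}]

def name_tokens(display_name):
    """Lowercase the display name and split it into words, ignoring punctuation."""
    cleaned = "".join(c if c.isalnum() else " " for c in display_name.lower())
    return set(cleaned.split())

def domain_of(address):
    return address.rpartition("@")[2].lower()

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # A protected name shown in front of an address outside the organization.
    tokens = name_tokens(name)
    if any(p <= tokens for p in PROTECTED_NAMES) and domain_of(addr) not in ORG_DOMAINS:
        findings.append("display-name-impersonation")
    # Replies would be delivered to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append("reply-to-domain-mismatch")
    return findings

# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": 'From: Pat Headmaster <pat.headmaster@school.example>\n'
               'Subject: Assembly\n\nSee you at 9.',
    "spoofed": 'From: "Dr. Pat Headmaster" <office.hm@freemail.example>\n'
               'Subject: Are you available?\n\nI need a quick favor.',
    "redirect": 'From: Pat Headmaster <pat.headmaster@school.example>\n'
                'Reply-To: pat.h@freemail.example\n'
                'Subject: Urgent\n\nReply as soon as you can.',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw))
```

A finding from this check is a reason to tag or quarantine the message for review, since a headmaster may legitimately write from a personal account.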

2. FBI Warnings
A major news agency in my home state, NJ.com, has reported that the FBI has issued a warning to NJ residents about phishing emails targeting login credentials for payroll systems: “There’s a scam to steal your paycheck that the FBI wants everyone in N.J. to know about.” As we talk to our employees about phishing scams, we always put those conversations in the context that these topics are not just a school-related issue; what they learn can help them outside of school as well. This is a prime example of just such a scam.

3. Common Occurrences
Below are two more examples of the common phishing emails that come into your inbox on a daily basis. They include the familiar indicators, such as suspect email addresses, link URLs that are not associated with the actual company, and spelling errors. In the Apple example, the details were in an attached PDF.

 

As technology leaders, we all need to constantly remind those within our organizations to be vigilant when it comes to questionable emails. All too often, we simply hit reply and provide the requested information in an effort to keep up with the constant flow of email. We need to work with our organizations to set aside time for training and keep up with updates on how to recognize risks and how to report them.
