Page tree

Overview

We continue to do occasional "phishing practice" events in order to give everyone "live" practice with identifying and avoiding scam, phishing, or otherwise malicious e-mails.

This is a necessary form of practice and training. It is the digital equivalent of a "stranger danger" lesson, and an unfortunate reflection of the reality that is now commonplace for school districts to experience data breaches due to exactly this type of attack.

This article includes some examples of things to watch for and some training materials. Usually, if it looks like a scam or seems out of character (ie., your building Principal probably isn't going to send you an urgent e-mail asking for cash) then the delete button is your safest option.


Here are the results of our phishing practice campaigns for approximately the past two years.  

 Click here to expand for individual campaign results...
 2021
 February '21
 2020
 December '20

 October '20

 2019
 March - April '19

 2018
 December '18

Spotting a Phishing Attempt

Here are some tip sheets for spotting a phishing (attempt to gain access or information) or spoofed (impersonating someone as part of a phishing attempt) e-mail.  You'll see some common themes; most suggestions boil down to being observant and trusting your intuition if a message seems out of character or unexpected.



Click to open the PDF file.


Sample Phishing E-mail

Sample e-mail from our phishing practice noting some red flag items, such as being aware of sender, whether links seem to go where they say, and establishing a sense of urgency in the example below.


When it comes to phishing attempts, we cannot stress this enough - if your instinct says something is off even if there are no obvious red flags, it's always best to pick up the phone to check with someone directly or forward the message to the help desk to have it reviewed.