Phishing and Malware
When in doubt, don't! You can always forward the email to spam@springfield.k12.or.us and ask for clarification. Someone will usually get back to you quickly during business hours.
At the district, we run various systems to help filter out spam and other malicious email messages, but some still get through. Sophisticated malicious telephone calls that target specific groups of people are also on the rise in our area, according to local law enforcement.
Here are some tips and guidelines:
Basic types of malicious messages/calls:
Spam: unwanted messages that sell you a service or product, but are otherwise harmless.
Phish: Messages attempting to trick you into giving out sensitive details like account passwords, social security numbers, bank/credit/debit/check account numbers, and so on.
Vishing: Similar to phishing, but over the telephone or via text.
Malware: Messages that contain malicious software that does harmful things, ranging from destroying data to stealing sensitive information or spying on your computer.
Signs that a message may be malicious:
Asks for sensitive information, or provides a link to a web page that asks for sensitive information, such as your password, social security number, payment account details, and so on.
Threatens grave consequences if you do not comply with the request.
The message uses broken English or contains a lot of typos.
How to stay safe:
Practice common sense with a healthy dose of skepticism.
Do not open attachments from senders you do not know.
Do not use your district email account for personal business (including personal purchases, taxes, memberships, etc.). If you are not doing personal business on your work accounts, then businesses have no business emailing you at your work account.
Never give your passwords to anyone! Tech Services personnel should never ask you for, or have a need for, your password.
When in doubt, ask!
If you've followed the above steps and you are still unsure, you can forward the message to spam@springfield.k12.or.us and someone will get back to you with an answer.
What are some suspicious indicators of a phishing email?
The email came from an unknown person and/or email address outside the district.
E.g., an email from "info@aput.pk" asking for your credentials and threatening that your webmail account will be shut down is most definitely malicious.
E.g., an email from a user in a nearby school district asking for your credentials is probably also malicious. The person's account was probably hijacked by criminals.
The email often has threatening overtones.
E.g., "Your account will be deleted if you don't respond."
If at some point you ignore a legitimate email and your account is, for some reason, disabled, don't worry! It's always pretty easy to re-enable an account, and we appreciate the caution from end users.
Misspellings and grammatical errors.
No district branding. BUT! Sometimes criminals go the extra mile and do include district branding, so this shouldn't be a make-or-break criterion.
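For whoever triages messages forwarded to the spam mailbox, the sender, sensitive-information and threat indicators above can be checked mechanically. The Python below is an added example, not the district's own filtering code; the phrase lists, function names, the "To" address and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

DISTRICT_DOMAIN = "springfield.k12.or.us"  # domain of the addresses on this page
# Assumed phrase lists (illustrative, not a district rule set).
CREDENTIAL_RE = re.compile(
    r"\b(password|credentials?|social security|account number)\b", re.I)
THREAT_RE = re.compile(
    r"\b(will be (deleted|shut down|disabled)|if you (don't|do not) respond)\b", re.I)

# Constructed sample modelled on the first "E.g." above.
SAMPLE = """\
From: Webmail Admin <info@aput.pk>
To: staff@springfield.k12.or.us
Subject: Webmail account notice

Your webmail account will be shut down. Reply with your password.
"""


def body_text(msg):
    """Return the decoded text/plain parts of a message as one string."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw_message):
    """List which of the indicators above a raw email message matches."""
    msg = message_from_string(raw_message)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Exact match only: "springfield.k12.or.us.example" must not pass as internal.
    if sender.rpartition("@")[2] != DISTRICT_DOMAIN:
        findings.append("external-sender")
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    if CREDENTIAL_RE.search(text):  # checked for internal senders too
        findings.append("asks-for-sensitive-info")
    if THREAT_RE.search(text):
        findings.append("threatening-language")
    return findings
```

The content checks run regardless of the sender's domain, because a hijacked account inside the district or a neighboring one will pass the sender test.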
What could happen if I fall for these tricks and my account is hijacked?
It largely depends on the goals of the attacker.
The contents of your emails could be downloaded by the attacker. Confidential student and staff data could fall into the hands of criminals.
Other email servers on the Internet may block email from the district. This results in many hours of work for Technology Services staff to get us unblocked.
Criminals will very likely use your account to send out mass-phishing and/or malware attacks.