Phishing emails

Email attacks are getting more sophisticated all the time, and the District receives many of these “phishing” emails. “Phishing” is an attempt to make a fake email (or text message or phone call) seem legitimate in order to trick the recipient into performing an action, usually sending personal banking or account information to an unknown agent.

Our Google Apps domain does a good job of eliminating most phishing attempts, but some still can make it through. Here are some tips that can help you identify these emails.

Tip 1: Verify the name and address

A familiar name in your inbox isn’t always who you think it is. A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Our Google Mail client will show you the display name as well as the actual address the email came from.

In this case, although it’s a District employee in the name, the actual source of the email is not a @landerschools.org address.

Tip 2: Don’t give up personal information in response to an email, text, or phone call

Legitimate banks and online services never ask for personal credentials or verification codes via email or text. They tell you this up front when you register for their service, and they remind customers constantly. Don’t give such information.


Tip 3: Beware of urgent or threatening language in the subject line

Invoking a sense of worry or urgency is a common phishing tactic. Beware of breathless emails that claim your “account will be suspended” or that your account had an “unauthorized login attempt” and will be “shut down” if you do not “verify your password” in a certain time period. Wouldn’t a legitimate service let you know this information on their website when you access your account? Would another employee demand personal information “right away” in a tersely worded email? No, so don’t fall for these emails.


Tip 4: Look but don’t click

Hover your mouse over any links embedded in the body of the email. What says “ChaseBank.com” in the description might actually be “somewhere_weird.ru”. Don’t ever click on links in these emails.
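For mail administrators, the checks in Tip 1 and Tip 4 can also be automated. The Python below is an added example, not part of the District's original guidance; the staff name, the sender address, and the link hosts in the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "landerschools.org"  # District domain named in Tip 1
STAFF_NAMES = {"pat example"}         # constructed directory entry (assumption)
# Constructed sample message: spoofed display name plus one deceptive link.
SAMPLE = """\
From: "Pat Example" <pat.example@mail-service.example>
Content-Type: text/html

<a href="http://somewhere-weird.example/login">ChaseBank.com</a>
<a href="https://www.chasebank.com/">chasebank.com</a>
"""

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(text):  # hostname if the visible text looks like a URL or domain
    m = re.fullmatch(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/\S*)?", text.lower())
    return m.group(1) if m else ""

def check_message(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if name.lower() in STAFF_NAMES and domain != TRUSTED_DOMAIN:  # Tip 1
        findings.append(f"staff name '{name}' sent from @{domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:  # Tip 4
        shown, actual = host_of(text), urlparse(href).hostname or ""
        if shown and actual != shown and not actual.endswith("." + shown):
            findings.append(f"link shows '{shown}' but opens '{actual}'")
    return findings
```

Calling `check_message(SAMPLE)` reports the spoofed sender and the first link, while the second link passes because its destination is a subdomain of the name it displays.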


Tip 5: Check for spelling mistakes, awkward English usage, and strange characters instead of letters

Emails from legitimate companies are constructed by professional writers and exhaustively checked for spelling, grammar, and legality errors. They also don’t contain strange turns of phrase and awkward English usage. Read your emails carefu11y when you receeive an 0ffer as changing or substituting characters is a trick to avoid keyword filtering. Such an error-riddled unexpected email from a company is a strong indicator of a forgery.


Tip 6: Don’t click on attachments

Sending malicious attachments that contain malware is a common phishing tactic. Don’t open any email attachments in messages you weren’t expecting. Google Apps will warn you of suspicious attachments -- don’t ignore these warnings.


Tip 7: Analyze the salutation

Is the email addressed to a vague “Valued Customer”? Also, a lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.


Tip 8: Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it. Instead, manually type in the website address and sign into your account to verify the information.