Phishing Email/text Examples

Here is an email from someone pretending to be the district superintendent, sent to someone in Accounts Payable.  It can be easily missed that the email did not come from an mjusd.com or mjusd.k12.ca.us email domain.

"executive@office7-secure.com" is not Mr. Cena's email address.

Here is a text message from someone pretending to be the President of the school board.  No one associated with MJUSD will ask for gift cards in this manner.

The following messages were pretending to be from a principal that was sent from the MJUSD website to all of that school's staff.  When a teacher responded to this message, the scammer asked: 

"Can you help me get Amazon Gift Card from the store now? I will surly Reimburse you back today once i'm done."  

Nobody in the district will use the MJUSD website in this manner, nor will they email from a domain other than mjusd.com or mjusd.k12.ca.us.

The following image was attached to an email in an attempt to have someone call the number.  The sender's email address was from gmail.com.  This is an attempt to gather personal and financial information over the phone.  Additionally, images can continue opportunities to install a virus.  

No business will reach out for a subscription renewal if you've never done business with them before, and no business will send an email using a Gmail address.  They'll have their own domain to send with, similar to MJUSD having mjusd.com and mjusd.k12.ca.us.

Here is an email offering free technology to a school.  The contact email is on Gmail's email service, while the link is a completely different website domain.  

Legitimate offers typically don't come through MJUSD's contact form and they would have an email with their legitimate website.  Responding to this email or clicking on the link could lead to interactions with a malicious actor.

The following email is a classic example of a phishing attempt, which is hoping to steal credentials from the recipient.  The sender name has multiple spelling errors and the email is a "gmx.ch" domain.

The credential theft is accomplished by clicking on the link in the email, which then prompts for the email login information.  MJUSD email doesn't expire for the total length of employment.  Additionally, mjusd.com only forwards to the actual email address, which is mjusd.k12.ca.us.

The following email in the first image had a link to the page in the second image.  This method tries to work around automated spam blockers by using a legitimate service like Sharepoint.  We can see in the second image that there is a link to another page, which was the malicious page.  Hovering over that link showed that it was a website hosted in Russia.  It is very unlikely that anybody in Russia will be sharing information with an MJUSD employee.  Additionally, the employee noticed this was a malicious email because they did not know the sender, nor had they requested any documents from anybody recently.