Cyber Security Tips

Organizations which track cyber-scams are also seeing an increase in phishing, scams, and malware threats.


Before you act on any message you get from email, social media, or phone, use the Stop. Look. Think strategy:

Stop. Ask yourself: Who is the message from? (How do I know it's them?)

Look. What do they want me to do? (Is there an urgent call to action? <- red flag)

Think. What evidence supports this message? (How can I independently verify it?)


Good info on Covid cyberscams. (These tips were shared by a colleague from another school.)

  1. Cyber threat actors are creating malware infected virus maps and sending coronavirus-themed phishing emails in an attempt to lure employees into clicking on booby-trapped URLs.
    TIP: hover over the link and follow the URL before you click. Is this a trusted source? If unsure look at the domain name and retype it in your URL bar to go directly to the site, but DO NOT click the link if you have doubts.

  2. More than 80% of the current threat landscape is made up of coronavirus related themes and lures.
    TIP: this would be a good thing to let any student or parent know if your lessons involve open research around C-19 (websites that have not been vetted by you).

  3. Social engineering attacks based on the fiscal stimulus bill and COVID-19 financial compensation schemes are popping up.
    TIP: good information for anyone applying for assistance online. Keep your personal identifiers (DOB, SS) safe. If you are calling an agency for assistance, seek out its phone number on your own, in case you've received fake messages about it with phone numbers that lead to scammers.

  4. Scams pretending to be from our Voicemail system and or scanned documents from copiers continue to circulate:
    TIP: Become familiar with the true format of our voicemail system and copier scanner systems.

  5. The crisis is being used to distribute malware.
    TIP: Our Windows PC users should check the "Windows Defender" antivirus protection and make sure it is working. Macs are less susceptible to viruses, but on both platforms do not allow any new program to be installed. Both systems should prompt you to authorize new installation of software, and if you do authorize it, the anti-virus program does not protect you.

  6. Cyber threat actors are encouraging users to download malicious PDF documents around Coronavirus related safety measures to spread malware payloads.
    TIP: Be careful what you click on. Don't allow software to install itself. Keep your operating system up to date with its patches.

  7. Coronavirus phishing emails are alleging to be from the WHO or the CDC and may include instructions to download documents embedded with macros or malware that can allow cyber criminals to drop a backdoor on victims’ computers.
    TIP: You should never allow macros from internet documents to run. These are Microsoft Word & Excel functions that can compromise your computer. This could also come in the form of a keystroke logger that would record everything you type, including your passwords.

  8. A large number of coronavirus-themed domain names were registered in February 2020, presumably to be used for phishing attacks or to sell virus cures or prevention assistance.
    TIP: Be careful about assuming a domain name is a legit organization unless you know it to be true, or can independently verify that domain name.

TIP of ENCOURAGEMENT: Don't let this scare you, let it empower you. Look at it as you are getting a higher level of security skills and knowledge around your own internet safety. If you have questions or concerns let us know.


Some of the hallmarks of email phishing are:

  • It appears as an important notice, urgent update or alert with a deceptive subject line to entice the recipient to believe that the email has come from a trust source and then open it.

  • It sometimes contains messages that sound attractive rather than threatening e.g. promising the recipients a prize or a reward.

  • It may use a forged sender's address or spoofed identity of the organization, making the email appear as if it comes from the organization it claimed to be.

  • It might appear to be coming from a school official or from the IT Department.

  • It may include contents such as texts, logos, images and styles used on legitimate website to make it look genuine. It uses similar wordings or tone as that of the legitimate website. Some emails may even have links to the actual web pages of the legitimate website to gain the recipient's confidence.

  • It may contain hyperlinks that will take the recipient to a fraudulent website instead of the genuine links that are displayed.

  • Scammers might seek to have an email conversation with you in order to get you to disclose personal information or in order to solicit a monetary transaction.



Also See:

Bank of America Cyber Security Tips