Phishing
Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen in the form of malicious emails pretending to be from credible sources.
Phishing is used to trick users into giving away their information, attackers can:
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
- Send spam from compromised email accounts
- Use your credentials to access other district systems, attack other systems, and steal confidential district data.
The goal of most Phishing emails is to trick you into visiting a web site in order to steal your credentials. Attackers will setup web sites under their control that look and feel like legitimate web sites. Often the Phishing emails will have an immediate call to action that demand you to "update your account information" or "login to confirm ownership of your account". If you enter your credentials into these illegitimate web sites you are actually sending your username and password directly to the attackers.
