Can you imagine what school districts would be like today without email? Today, South Dakota school districts communicate, make announcements, schedule meetings, share assignments and other documents all through the digital medium of electronic mail. It’s fast, it’s easy and it allows us to reach multiple people with the single click of a button. For the most part, email is a tool that affects our working and personal lives in a positive way. It allows us to perform all of the aforementioned activities quickly and efficiently. Unfortunately, there are individuals out there who choose to use it in a negative way.
Every so often in the news, we’ll see, read or hear about a phone scam going around that is trying to trick people into divulging sensitive or personal information. These phone scammers oftentimes pretend to be representing a legitimate organization or purpose. They try to gain our trust, and ask us questions that allow them to gather this sensitive or personal information, usually for the purpose of financial gain or similar. Their goal is to reach as many people as possible to facilitate their scam to maximize their results. It didn’t take these nefarious individuals long to see the same benefits in email that we see in using it today. They developed a method of reaching out to large groups of people quickly and efficiently to carry out these malicious activities. The practice is called “Phishing,” and it’s a practice that email administrators, and more importantly, email users need to be aware of all the time.
Phishing is formally defined as a way of attempting to acquire personal and private information such as usernames, passwords, credit card numbers, bank account information, etc. by masquerading as a trustworthy entity in electronic communication. This communication often purports to be from popular social web sites, auction sites, online shopping sites, online payment processors or IT administrators and is used to lure the unsuspecting public. Phishing can be used to gain this personal information by redirecting the user to a fake website that is designed to look legitimate. Some phishing attempts can even use web links to install malware or spyware on a user’s computer that collects information about that user.
Typically, a phishing attempt is started by an email that appears to be from a legitimate source. Most often, it asks a user to click on a specific link or go to a specific website for a seemingly legitimate reason. Often it’s to “verify information” or that there is a problem with their account or transaction and they need to “enter their username and password,” or “re-enter their payment information.” Another popular phishing scam is “you’ve exceeded your mailbox quota” and it subsequently asks you to enter your username and password. These are just a few different examples, but they all have the same goal – to get your private and personal information.
It’s often said in IT Security, that the largest vulnerability is the end user. Conversely, an educated end user can be your best line of defense. Here are a few simple tips users can follow to protect themselves against a phishing attempt:
• Never respond to requests for personal information via email. Legitimate businesses and organizations will never ask for password, credit card numbers or other personal information in an email
• Never enter personal information in a pop-up screen
• Never click on any links listed in an email message. Copy and paste the URL into the address bar of your browser.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
• Always check the URL of website carefully to make sure they are accurate. Often times, phishing websites will use an obscure variant of the legitimate URL for their phony website.
In the State of South Dakota, our school districts are fortunate to have a state provided, statewide K-12 Email system. As part of the provision of this email service, a lot of effort goes into combatting dangerous emails like phishing emails. In the month of February, the K12 Data Center processed almost 62 million emails for South Dakota’s 152 public school districts. Of those, approximately 23.5 million malicious emails were blocked from getting to end users in these districts. However, a few do slip by. If a user receives a suspicious email, we ask that they send that message to help@K12.sd.us.