Email is an excellent communication and productivity tool, and it is also a hacker’s paradise. Local school districts and organizations have fallen victim to disastrous attacks impacting the entire organization despite their investment in highly advanced security software and tools. We need to have the mindset that this could happen to us. This email is intended to share the current reality that we live in.
Even the most sophisticated security software will not stop 100% of the dangerous email messages from entering your inbox. Once in a while, something will get through. At that point, it’s all up to you. You are our last and best defense and you must be very suspicious about every email containing links or attachments or asking for personal information. All it takes is one click on a malicious link or attachment and the results can be incredibly destructive to the entire organization.
What could this look like?
1
|
You receive an email with an attachment or shared document from someone you aren’t expecting and click on a link or Open button in the email.
|
|
2
|
You enter your username and password into what looks like the website.
|
|
3
|
The attacker collects your username and password.
|
|
4
|
The attacker could distribute / sell your username and password to other cyber criminals.
|
|
5
|
The cyber criminal would use your credentials to login to any website that uses the same, or similar, usernames and passwords.
|
|
6
|
Once someone has access to your account they could lock you out of your account, steal information that your account has access to, or impersonate your likeness using your account.
|
|
Suggestions and Tips:
-
Use a different password for each site. Use a passphrase, not a hard-to-remember, complex password. Remember that spaces are a valid character. Don’t use personal data. If you have not changed your password in a long time, change it. Use a password manager. Use Multi-Factor Authentication wherever possible.
-
Never open attachments or click on links received in an email from someone you do not know. Do not reply directly to the message. If you think it might be legit, verify the sender’s identity and intention via a separate email or a telephone call. Otherwise, simply delete the message.
-
Be suspect of all attachments and links, even if the message appears to come from someone you know. Hackers can very convincingly pretend to be someone else. If you were not expecting something from that person, do not reply directly to the message. Validate the information with them via a separate email or a telephone call before accessing anything in the email message.
-
Preview all links before opening them by hovering your cursor over each link; the specific URL that will be accessed will display in the lower left hand corner of your browser. Do not click on a link if you don’t recognize and trust the site.
-
Never provide your account credentials or personal information via email. The School District of Beloit Turner, or any other company, will not ask for passwords via email.
-
If you encounter a pop-up window alerting you that your machine is infected with a virus or has some other problem, do not click on anything in the popup window despite how convincing or urgent it may sound. Contact someone on our technology team immediately.
-
Finally, trust your gut instincts. Be suspicious. Malicious emails are often missing information, have misspellings, are from generic department emails, lack proper signatures and contact information, or just don’t sound right. Do not access anything in the email message if you are ever unsure whether an email message is legitimate or a scam. Contact technology support for assistance. When in doubt, simply delete the message; if it was genuinely legit and essential, the sender will follow up.