refers to an email or a text message from a hacker asking you to click on a link. It’s probably the number one way for hackers to infiltrate your accounts and educational institutions are the number one target for this kind of attack. Phishing can be very sophisticated. Emails might look like they come from your bank. They might even come from one of your board’s accounts that has been compromised and is being accessed by criminals to launch more attacks. The subject might be appropriate, logos might look real. Phishing emails are very quick and easy to set up and send out and are very hard to defend against.
Attackers only need a few clicks on a link and some personal credentials to cause widespread problems.
This content can be viewed in video format.
Clicking on the link is dangerous because some websites contain malicious software such as viruses and malware. Things get even more dangerous if the website asks for your username or password, and you give it to them. A hacker now has the keys to your house and damage can escalate very quickly.
Attackers can access:
- All your emails and contacts and access any private and confidential personal, family and student information in your emails.
- Your account could be used to gain access to sensitive/private information in your board’s student or business online systems. They can then pose as you to launch an internal and external attack .
- If you use the same password for other accounts, such as banking or social media, they can potentially access these accounts too.
- They can potentially steal from your bank account. They can potentially steal your identity – or other people’s’ identities.
- The Board email system can be blocked by email service providers and other systems.
- The Board internet connection could shut down as our accounts send out malicious emails across the world.
All Ontario school boards IT departments use firewalls and email filtering in an attempt to catch phishing emails before they get to you. However, some will always get through. This is where you come in. You are the last line of defence. You don’t have to be a techie, though. All you need to do is to think carefully, and be cautious when you read through your emails.
Tips and Tools to Help you Spot a Phishing Attempt
Notes: See the markers on the image above, matching them with the list item below
- Ask for password. IT Department will never send you an email asking for your password. If you get anything like that, it’s probably phishing
- Logos: Look at the logos and wording! Do they look real? Does the grammar make sense?
- Sender’s address: Look at the sender’s address. Does it look strange? Remember, many phishing emails are also generated by compromised school board accounts. So, even if the sending email address looks legitimate, you still need to question it.
- Links: Does the email ask you to click on a link? If it does, treat it as suspicious. Hover over the link. Look at the web address. Does it make sense? Is it secure? (shown by ‘https’ at the start). Even if it looks like a legitimate email from a bank or a company regarding a promotion, don’t click on the link. Securely access your account via your browser bookmark and go to the promotion from there. If all seems legitimate and you click on the link. Did you go where you were expecting? Is it still secure? Are they asking for your password?
If you click on a bad link or provide your password, then you need to change your password immediately. If it’s your board account, contact your IT Department immediately to inform them what happened and forward them a copy of the original phishing email