Ransomware and Phishing Alert

As you may have heard, one of our neighboring school districts recently experienced a ransomware attack, requiring them to close in-person school for the day and potentially longer. Academic organizations, especially PK-12 public schools, colleges and universities, are among the top targets for ransomware and computer-related attacks. Now is the time to be even more vigilant and to be careful what you click.

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or when a user unknowingly visits an infected website. The threat is real and something we all need to be aware of.

Some examples of phishing attempts that our own users have clicked on include bogus notifications that a Netflix or Disney Plus subscription has been cancelled, fake alerts regarding packages from Amazon or Costco which have been returned, or even messages that appear to be from someone within the district.

Email sent on behalf of a department at Pal-Mac, such as hr@palmaccsd.org or it@palmaccsd.org, should be treated as a potential phishing attempt. While there are some unique cases where you may receive an attachment from the district, such as your paystub, you should always be wary of files, documents, and links that you are not expecting to receive.

Employees were asked to install KnowBe4's phishing tool in their Gmail. If you have not installed this tool, directions can be found online at palmaccsd.org/phishingtool. Please note this will redirect you to our online help documentation site, which you can safely visit directly by typing palmac.helpscoutdocs.com in your browser.

The district has made KnowBe4's Home Internet Security online course available to all employees at no cost. Visit http://knowbe4.com/homecourse and use the password 'homecourse' to access it. We encourage you to use this resource to help not only yourself but also your family become better aware of these attacks on your digital identity.

The number one way you can protect yourself is to BE CAREFUL WHAT YOU CLICK!

Thank you for helping us keep our network, data, and your information safe.

Jake Glasgow
Information Security and Data Protection Officer

Chip Dolce
Director of Instructional Technology

Some additional information on how to protect yourself from phishing attempts
First, please do not forward potential phishing emails to ask for verification. Assume it is a phishing attempt and either use the KnowBe4 hook tool or just delete it.

Check the actual email address of the person who sent the email.  

  • The display name could be a person that you recognize, but the email address does not match. This is called spoofing and is the number one way people are fooled by scammers. Email spoofing is when a cybercriminal forges an email so that it appears to have been sent by someone else. See below - you can always click on "show details" to get more information about who the email is actually coming from. The name might be one you recognize, but in a spoof the actual address won't match.
  • Be very careful clicking on any links in email messages. 
    • These are hard to avoid, as many legitimate links are distributed via email, such as shared documents, surveys, etc. If you are ever unsure of a link from someone you trust, simply open a new browser window and either type the address manually or copy and paste the hyperlink yourself.
    • Clicking on links that appear in random emails and instant messages is never a good idea. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?
    • A phishing email may claim to be from a legitimate company and when you click the link to the website, it may look exactly like the real website but it's actually a fake designed to capture your sensitive information. It's better to go directly to a site than click on a questionable link.

Examples of Phishing Emails that our users have clicked on

Fake Amazon account issue (phishing scam)

Bogus Bed Bath & Beyond Coupon Offer

Request for updates / password changes from the IT department (spoof using IT@palmaccsd.org)

Email spoof of an employee that does not exist

Email phish from a known secure email provider (with bogus sender and subject) 

Apple shutdown notification - phishing scam