PhishBowl
Scammers tell all kinds of stories to get you to send money or information. Scammers may impersonate a government agency and say you owe a fine, or may pose as a person you know who needs money for an emergency. A scammer may offer a fake job but say a fee is needed before you get hired.
KnowBe4's Threat Lab recently observed a phishing campaign targeting the educational sector. Over 30 days, 4,361 threats were reported, originating from 40 unique sender domains. 65% of these domains were compromised educational institution IDs. The intent of the attacks was to harvest credentials, resulting in potential data loss, compromise, and further phishing emails.
Bad actors are utilizing text messaging scams to trick victims into believing that they have unpaid tolls and fines.
Fake e-mails can even come in the form of fake retirement counseling. In the above example, the message reads as a reasonable e-mail, but it came from outside FUSD and the link was malicious.
A secure message or fax is a common lure to get staff to click on a link. If you receive a “fax” message from a person or service you are unfamiliar with, it is most likely a phishing attempt or will download malware to your computer.
Here is another example of an impersonated principal. The first clue that the email did not come from a principal or district leader is that the email came from a free email service, such as Gmail, Yahoo, or Live Mail. The district does append messages when an email could be fraudulent or a potential phishing attempt. To thwart a possible scam, confirm the communication through a predetermined method, such as a phone call to a number you already know.
Bad actors will try to get you to click on links in various ways. This example demonstrates a fake voicemail message. If you click the link identified in the image, you will receive a login screen. The bad actors collect your credentials and will log in to your email and other district services to send more spam and collect as much sensitive data as possible.
This example is a variation of a fake invoice designed to have you download malware or follow a link to a phishing website. The first clue is that the email was sent to eBay Australia and not directly to you. If you did not engage with or purchase from the company in the email, do not respond or click on links.
A typical phishing scam leverages the reputation of popular services like Microsoft Office 365, Google, Facebook, Twitter, and other platforms. The scammers encourage users to click a link by creating a false sense of urgency with statements like “your account or password will expire.” An easy way to identify the phishing message is to look at the sender’s email address: notices will never come from Gmail.com, Outlook.com, or any other free email provider. Also, watch for emails from other school districts or companies that wouldn’t make sense. Question any email that contains the yellow caution banner. Don’t fall for the scam!
Finland is working to stop a flood of text messages of unknown origin that are spreading malware. Many of the messages claim that the recipient has received a voicemail, asking them to open a link. On Android devices, that brings up a prompt that requests the user to allow installation of an application that contains the malware, and on Apple Inc.’s iPhones, users are taken to other fraudulent material on the website, authorities said.