PhishBowl

The Department of Motor Vehicles has a public notice that Californians are receiving deceptive text messages that appear to come from the DMV. These texts warn that the customer has failed to pay a toll. The DMV will never send a text message to ask for personal or financial information. If one is received, do not open or reply to the message. 

As K-12 education increasingly provides more global learning experiences, schools increasingly send staff and students abroad for cultural exchanges, academic competitions, service trips, and more. While these trips offer incredible educational value, it also exposes the school staff, especially trip leaders and chaperones, to serious digital and data security risks.

FBI Denver Field Office agents have increasingly see a scam that involves a free online document converter tool. These free online document converter tools load malware onto a victim's computer and leads to incidents such as ransomware. 

The common pitches utilized by online scammers trying to get you to panic and click on a link, hand over personal information or money, or download an attachment has become ineffective. Per Kendall McKay, strategic lead for cyber threat intelligence at Cisco's Talos division, says that phishing email subject lines moved from phrases such as "urgent request" or "payment overdue" to terms like "request," "forward" and "report."

Scammers tell all kinds of stories to get you to send money or information. Scammers may impersonate a government agency and say you owe a fine, or may pose as a person you know who needs money for an emergency. A scammer may offer a fake job but say a fee is needed before you get hired.

KnowBe4's Threat Lab recently observed a phishing campaign targeting the educational sector. Over 30 days, 4,361 threats were reported, originating from 40 unique sender domains. 65% of these domains were compromised educational institution IDs. The intent of the attacks was to harvest credentials resulting in potential data loss, compromise, and further phishing emails. 

Bad actors are utilizing text messaging scams to trick victims into believing that they have unpaid tolls and fines.

Fake e-mails can even come in the form of a fake retirement counseling. In the above example, this reads as a reasonable e-mail, but came from outside FUSD and the link was malicious.

A secure message or fax is a common lure for staff to click on a link. If you receive a “fax” message from someone or service you are unfamiliar with, it is most likely a phishing attempt or will download malware to your computer.

Here is another example of an impersonated principal. The first clue that the email did not come from a principal or district leader is that the email came from a free email service, such as Gmail, Yahoo, or Live Mail. The district does append messages when an email could be fraudulent or a potential phishing attempt. To thwart a possible scam, confirm the communication in a predetermined method, such as a phone call to a number you already know.