Spear Phishing in February

Are you a clicker?

This is a simple yes/no question, but in our context it may be the difference between just another day at school and something far worse.

KnowBe4 is a security company that specializes in "Security Awareness Training." They report that 91% of successful data breaches start with a Spear Phishing attack. KnowBe4 uses the term "Clickers" for those who are most likely to click on a link within a bogus email message, subjecting themselves and their employers to a malicious phishing or virus attack.

So what is Spear Phishing? Spear Phishing is an email message sent by cyber criminals that appears to be from a trusted source, but is not. The email message is designed to steal confidential information through deception.

There are an untold number of ways to deceive via email. A popular method in Illinois school districts is this one: "Subject: A document has been shared with you." The message goes on to say that someone you know is trying to share a document with you, and that to get this document you need to provide your email address and your email password. Here is a great diagram that shows what to look for in such a message: http://bit.ly/220Phish

Why do we keep informing Barrington 220 users about this matter? The problem is getting worse and the tactics are getting better. Recently, a local Illinois school district fell prey to an attack via an email message that goes something like this:

Susan,
Please reply with a copy of all employee W2's as soon as possible. The info is needed for the next board meeting.
Thanks,
Jennifer

In this example, the human resources employee, Susan, knows Jennifer is a school board member, but what she does not realize is that the email address is bogus. Susan then sent all of the district's W2 information to an unknown individual in another country. Ouch! A bad day for Susan, as well as several hundred other staff members.
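
The mismatch Susan missed, a familiar name on an unfamiliar address, can also be checked by software before a message reaches staff. The Python sketch below is an added example, not part of the original post; the domain `district.example`, the surname "Doe", the directory entry, and the keyword list are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: the district mail domain and the address on
# file for each person whose name an attacker might borrow.
DISTRICT_DOMAIN = "district.example"
KNOWN_PEOPLE = {"jennifer doe": "jennifer.doe@district.example"}
SENSITIVE_TERMS = ("w2", "w-2", "password")

# Constructed sample modelled on the message quoted above.
SPOOFED = """\
From: Jennifer Doe <jennifer.doe@mail-district.example.net>
To: susan@district.example
Subject: Employee records

Susan,
Please reply with a copy of all employee W2's as soon as possible.
Thanks,
Jennifer
"""
# Constructed sample: the same text sent from the address on file.
GENUINE = SPOOFED.replace("mail-district.example.net", "district.example")


def reasons_to_verify(raw):
    """Return the reasons to confirm a message by phone before acting on it."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    addr = addr.lower()
    reasons = []
    # A familiar display name on an address that is not the one on file.
    expected = KNOWN_PEOPLE.get(name.strip().lower())
    if expected and addr != expected:
        reasons.append("known name, unfamiliar address")
    # Replies would go somewhere other than the visible sender.
    if reply_to and reply_to != addr:
        reasons.append("reply-to differs from sender")
    # Sensitive data requested by someone outside the district.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + " " + body).lower()
    if not addr.endswith("@" + DISTRICT_DOMAIN) and any(t in text for t in SENSITIVE_TERMS):
        reasons.append("external request for sensitive data")
    return reasons


if __name__ == "__main__":
    print(reasons_to_verify(SPOOFED))
    print(reasons_to_verify(GENUINE))
```

An empty result only means none of these three checks fired; a request for W2s or passwords still deserves a phone call.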

Many of us work with sensitive information on a regular basis. Your system passwords need to be kept to yourself. In addition, always consider the "who, what, why, and how" when it comes to sharing sensitive information that you have access to. This holds true for any method of sharing information, whether it be email, Google Docs, or a file sharing utility such as Dropbox.

When in doubt, pick up the phone and call the person who requested the information. Ask questions.

When in doubt, consult with your supervisor about sharing confidential information.

When in doubt, check it out!

Are you a clicker?
