Phishing - Don't Get Caught in the Net!
While the GST BOCES email system receives an average of 100,000 emails per day from the outside world, only about twenty percent of them actually reach the inboxes of their intended recipients due to email filtering which blocks emails from senders who are blacklisted as a result of the amount of phony emails they send. Even then there are emails that get through the filter for various reasons and often it is that the people perpetuating the phony emails have hijacked a legitimate email account for the sake of "phishing" - an attempt to get people to divulge personal information through email and fictitious websites.
Phishing is a very real problem which can lead to financial loss and identity theft on a personal level, and on an organizational level it can lead to devastating consequences which could affect every school district in our regional email system. Please use this information to guard yourself both at work and at home from getting caught in the Net.
How Does Phishing Work?
What are the Repercussions?
On a personal level responding to phishing emails can cause a number of problems. In 2010 over 300,000 complaints were filed with the Internet Crime Complaint Center including those that dealt with vehicle and real estate schemes. In a two year span vehicle scams alone results in over $44 million in loses to individuals. Besides monetary theft the number of identity theft victims continue to grow each year and many people spend years trying to repair the damage done.
For school districts in our region phishing schemes represent a catastrophic threat. Twice in the 2011-2012 school year staff in our region have provided their email addresses and passwords and both times the resulting spam emails generated crippled the mail system by sending out over 15,000 emails an hour. But that's only the tip of the iceberg.
Filters use blacklists to help keep the Internet clear of unsolicited email by giving mail providers a list of naughty email senders they can automatically block and keep away from email inboxes. Sometimes legitimate senders get caught in the crossfire and we as an organization become more likely to be added to a blacklist every time one of us falls for a phishing scheme.
If we become blacklisted, email will not be accepted by intended recipients and we will not receive email from them. We have already gotten blacklisted by one vendor and it took a tremendous amount of effort to restore our standing, but should it happen again our entire email system could cease to function with the outside world as well as all the other districts in our shared network.
The work it would take to create a new identity, create all new email accounts and change licensing agreements would cause a huge amount of financial strain in addition to having to direct a huge amount of manpower to throw at the problem. The best way for us to protect ourselves is to remember:
- NEVER respond to requests for personal information via email. Legitimate emails will NEVER ask for your username and password! When in doubt, call the institution that claims to have sent you the email.
- If you suspect the message might not be authentic, don't use the links within the email to get to a web page. Just delete the email.
- NEVER fill out forms in email messages that ask for confidential information.
What to Watch For
Phishing emails use common tactics to get you to take their bait:
- Generic Greeting
- Fake Sender’s Address
- False Sense of Urgency
- Fake Web Links
- Provide a link to sign up for a great deal
- Request you log in and verify your account status
- File Attachments
- Emails that look like a website
- Misspellings and Bad Grammar
The Anatomy of a Phishing Email
This is an email that a person in our region responded to. There are five warning signs that should cause anyone to doubt the legitimacy of this message:
- The sender of the email is not someone you know and the email address is not even from our email domain.
- The second sentence is nonsensical
- No one would cancel an account arbitrarily and any message like this would always come from your Technology Director.
- The sender wants you to go to a non-GST BOCES website to fill in personal information.
- The sender creates a sense of urgency to get you to respond in an unreasonable amount of time.