Phishing Season

Happy ALMOST Back to School.
​We (and other school districts) are seeing an increase in phishing ​activity.
Phishing is the practice of sending out emails that purport to be from a legitimate, reputable company in order to get users to reveal sensitive information (such as passwords and credit card numbers). 
​We recently deleted a couple of emails received by thousands of Dearborn Public Schools members that were phishing attacks. Unfortunately, a couple of users clicked on the links and entered their information.
Protecting your user name and password is critical to the security and safety of our district. Many users have access to very sensitive data.

Tips for spotting a phishing attack:

  • Do you know the sender? Although it is easy to fake the return email address, you should still check to see if you know the account.
  • Does the language seem appropriate for the person?
  • Does something just seem “funny” about the email?
  • Hover your mouse (if on a computer) over the link without clicking on it. It should reveal the URL of where it is actually going. (So, if it supposed to be sending you to Apple, but the URL is http://apple.scammer.com, that isn’t right).
  • Be wary of links in emails: Type links into the Location bar in your browser instead of clicking on the link in an email.
  • There is some kind of threat or urgent request in the message.

Here is a Phishing Flyer with tips (reposted from a couple years ago).

Securing your accounts

There are several things that you can do to make your account more secure:

  • Be careful on clicking links in email
  • Use a passphrase manager – (this allows you to have a unique password for every site you visit) (Note that most of these are not free). 
  • Turn on 2 Factor Authentication – this will require you to receive a text message or use a known device as an extra step to log in. This means that if someone does know your passphrase, they still can’t sign into your account without that device. 
  • Be very cautious about where you are entering your user name and passphrase.
*This impacts personal as well as work email.
So, how do PHISHERS get your email? There are a couple of ways:
  • from the address book of someone who has had their account phished
  • from breaches of online services
Please note that there have been many breaches of information. Here are a few:
  • Facebook
  • EquiFax – one of the sites that provides credit reports
  • Macy’s
  • Addidas
  • Sears
  • Kmart
  • Delta
  • Best Buy
  • Saks Fifth Avenue
  • Lord & Taylor
  • MyFitnessPal App
  • Panera
  • Forever 21
  • Sonic
  • Whole Foods
  • PumpUp (Fitness App)
  • And more….
Your user name and password to a variety of sites may be available to people with bad intent. The breaches above may have revealed not only your email address (which can be used in future attempts), but also your password to that account. Since many people use the same password over and over, this means that bad guys may have access to other accounts. For example, if someone@somewhere.com uses the password mydogsname for their MyFitnessPal app (which was previously hacked), they may also use that same combination for Amazon. Bad guys will attempt to use that combination on Amazon. Now the bad guys can order from Amazon and someone@somewhere.com will receive the bills.
How can you tell if your email has been breached?
Have I been pwned is a web site where you can enter an email address to see if it is available to phishers.

New Google Log in screen

Those eagle eye users will notice a difference in the Google Log in page over the next couple of weeks. No need to worry, it is planned and legitimate.

Currently, the log in box looks like this:

Current Google log in box

Soon, it will look like this:

New Google Log in box.

Some of the changes will include tweaks to the Google logo, an outline around the text field, and center alignment of all items on the screen.

iLearn Question Tagging

Standards disclosed in the tag section.

We are excited to offer the ability to tag your Quiz questions in iLearn with Common Core Standards. The standards (Language Arts, Math and Science) are available under Tags in each question. You can either scroll to find the one that you want (there are an awful lot of them), or enter part of the standard (to filter) and then select. This will allow you to create quizzes with certain standards. This will also allow us to better create questions that are identified as meeting certain standards.

Standards disclosed in the tag section.

Required badges

Happy Summer!

Every summer, our current required badges expire on June 30th. We are currently reviewing the courses with a variety of groups to determine updates. We expect the courses will once again be available at the beginning of August.

All of us need to complete the required courses (currently there are four such courses ADA, Bloodborne Pathogens, OCR, and Response to Bullying Behavior). These courses will be available on the MyPD site in August.

FREE SCECH’s

REGISTER for REMC Virtual Courses today!

Registration is now open for sessions offered July through October 2018

Click Here for July – October Course Registration!

– REMC Virtual Courses are FREE and open to all Michigan school personnel

– You can take courses “just to learn” or you can complete all assignments (SCECH credits are available for successful course completion)

Below are the sessions offered July 9 – 27, 2018

All Courses for July 2018

Using Google for Learning: DOK and SAMR     Authentic Learning and Gamification

OER - The What, Why and How     Social Media - Innovation through Authenticity

Potential SPAM email

Several people received an email that they thought was SPAM. They reached out to me to check. Here is my response:
Thank you for reaching out to me with a suspicious email. In this day and age, it is extremely important to make sure that you don’t fall for phishing attempts.
My Dad taught me long ago to “measure twice, cut once”. That advice is relevant here, check twice and make sure before you click on the link.
I thought that I would share what I look for in evaluating this email:
1. The From email address does seem legitimate. However, this is incredibly easy to mask, so not a very strong indicator of legitimacy (hover your mouse over the name on a computer)
2. a “recent change in your work status”. I haven’t had a “recent change in my work status, so my spidey sense is starting to activate.
3. “in the Company’s benefits plans”. Wait a minute, they don’t know which Company that I work for? Spidey sense is tingling.
4. Hm. The link seems familiar. I’ll type this into a browser (NOT CLICK on the link in the email. when I do, I get an error message (This site can’t be reached…) Spidey sense is buzzing like crazy now.
5. The phone number. Hm.

6. “Your Benefits Manager”. Not a real person. I know people who work in the Benefits Department.

Inbox (51) - pattert@dearbornschools.org - Dearborn Public Schools Mail 2018-06-18 07-42-09.png
Given all this information, this is either an incredibly badly written email from a contractor or a Phishing Attempt (a special type of SPAM designed to steal your information).
I would mark this as SPAM and move on.

iLearn Lockdown Browser

by Chris Kenniburg & Troy Patterson

Students who cheat on tests should be VERY worried!

Whether it is opening up a new tab and searching for an answer or logging out and logging back in with a different account ( or any number of creative ways students cheat), in K-12 circles it seems to be a never ending fight to prevent students from cheating.  This is especially true when using most online testing websites.

We are creating a secure testing environment for students by utilizing a combination of a Chromebook App and a new Secure iLearn Quiz Module.

This process is tightly integrated with iLearn and Chromebooks. This process will now allow you to eliminate cheating (at least by preventing students from opening additional tabs or windows – they could still write out answers on their hand) and focus on building good assessments to better gauge student learning.

Our Chromebook App is launched by the student before actually logging into the Chromebook (the student never logs into Chrome, but will log into iLearn – which is the only page accessible in the App). An audible “Chime” noise is produced so that the teacher knows the student has entered the testing application. This provides the teacher  with an audible alert know if a student leaves the testing environment during the testing period.

Once logged in, the App enters into testing mode in which there is no going back.  Absolutely. No. Going. Back.  Once a student clicks a link to open a quiz, they can only go forward until they complete the quiz. (A student may go back to previous questions or pages within the quiz but they are blocked from leaving the quiz module.)  They cannot use navigation buttons to leave the quiz module.  Following completion of the quiz, they must shutdown the Chromebook in order to logout.  There is no logout or ability to leave a quiz.

Oh… we didn’t mention the new Moodle Secure Quiz Module (in development now) which looks to make sure the student is using the using the Chromebook Testing App! This effectively eliminates the ability of the student to login and take the test in any other way other than within our controlled and secure testing app on a chromebook controlled by the school district.

Follow this blog

Get every new post delivered right to your inbox.


Skip to toolbar