Potential SPAM email

Several people received an email that they thought was SPAM. They reached out to me to check. Here is my response:
Thank you for reaching out to me with a suspicious email. In this day and age, it is extremely important to make sure that you don’t fall for phishing attempts.
My Dad taught me long ago to “measure twice, cut once”. That advice is relevant here, check twice and make sure before you click on the link.
I thought that I would share what I look for in evaluating this email:
1. The From email address does seem legitimate. However, this is incredibly easy to mask, so not a very strong indicator of legitimacy (hover your mouse over the name on a computer)
2. a “recent change in your work status”. I haven’t had a “recent change in my work status, so my spidey sense is starting to activate.
3. “in the Company’s benefits plans”. Wait a minute, they don’t know which Company that I work for? Spidey sense is tingling.
4. Hm. The link seems familiar. I’ll type this into a browser (NOT CLICK on the link in the email. when I do, I get an error message (This site can’t be reached…) Spidey sense is buzzing like crazy now.
5. The phone number. Hm.

6. “Your Benefits Manager”. Not a real person. I know people who work in the Benefits Department.

Inbox (51) - pattert@dearbornschools.org - Dearborn Public Schools Mail 2018-06-18 07-42-09.png
Given all this information, this is either an incredibly badly written email from a contractor or a Phishing Attempt (a special type of SPAM designed to steal your information).
I would mark this as SPAM and move on.

iLearn Lockdown Browser

by Chris Kenniburg & Troy Patterson

Students who cheat on tests should be VERY worried!

Whether it is opening up a new tab and searching for an answer or logging out and logging back in with a different account ( or any number of creative ways students cheat), in K-12 circles it seems to be a never ending fight to prevent students from cheating.  This is especially true when using most online testing websites.

We are creating a secure testing environment for students by utilizing a combination of a Chromebook App and a new Secure iLearn Quiz Module.

This process is tightly integrated with iLearn and Chromebooks. This process will now allow you to eliminate cheating (at least by preventing students from opening additional tabs or windows – they could still write out answers on their hand) and focus on building good assessments to better gauge student learning.

Our Chromebook App is launched by the student before actually logging into the Chromebook (the student never logs into Chrome, but will log into iLearn – which is the only page accessible in the App). An audible “Chime” noise is produced so that the teacher knows the student has entered the testing application. This provides the teacher  with an audible alert know if a student leaves the testing environment during the testing period.

Once logged in, the App enters into testing mode in which there is no going back.  Absolutely. No. Going. Back.  Once a student clicks a link to open a quiz, they can only go forward until they complete the quiz. (A student may go back to previous questions or pages within the quiz but they are blocked from leaving the quiz module.)  They cannot use navigation buttons to leave the quiz module.  Following completion of the quiz, they must shutdown the Chromebook in order to logout.  There is no logout or ability to leave a quiz.

Oh… we didn’t mention the new Moodle Secure Quiz Module (in development now) which looks to make sure the student is using the using the Chromebook Testing App! This effectively eliminates the ability of the student to login and take the test in any other way other than within our controlled and secure testing app on a chromebook controlled by the school district.

Gmail Update

The new Gmail update has rolled out. We’ve started training on the interface (it really doesn’t take much training, but there are additional features that you can utilize).

One of the “hiccups” in the new Gmail interface was that .wav files (phone messages) wouldn’t play. This has now been resolved.

New Drive Look and Feel

Google Drive UI updates

Google is making some updates to the look and feel of Google Drive on the web. There’s no change in functionality, but some icons and buttons have moved, and there’s a range of visual tweaks to align with Google’s latest material design principles. Google built that this new interface to create a responsive and efficient experience for Drive users, and to feel cohesive with other G Suite products, such as the recently redesigned Gmail.

Specific changes include:

  • The logo in the top left has been changed to the Google Drive logo.
  • Our Dearborn Students First Logo ( Students First Logo) is now in the top right.
  • The Settings icon has been moved in line with the search bar.
  • The Help Center icon has been moved in line with the search bar.
  • The page background is now white, not gray.
  • The “New” button has been updated.
  • The font used for headers has been changed.

These changes will be rolling out in a couple of weeks.

New Gmail Interface

Google is rolling out a new interface for Gmail.

There are some nice features in the new interface.

  • Tasks are now integrated. (Combined with the new Google Tasks App (Chrome Extension, iOS App, Android App), this means that Tasks are now really usable).
  • Calendar is now integrated.
  • Smart replies
  • Snooze email (Schedule it to return to your Inbox)

 

You will have the option to transition to the new Gmail. You have to enable it manually by

    • clicking the cog in the top-right corner,
    • clicking Settings,
    • then choosing Try the new Dearborn Public Schools Mail.

 

  • You can go back to the Classic view by following the same steps

 

**Please be aware the voicemails will not play within the browser (no .wav files will play). Thus, you would have to add to Drive or Download a voicemail to listen to that voicemail. Google is currently working on the issue. 

 

Integration with Calendar, Tasks, Keep

Along with the new Gmail, Google is launching a revamped Google Tasks and making it, as well as Calendar and Keep, easily accessible in Gmail from a right-side panel.

This may be my favorite feature. The right hand side now has buttons which reveal Calendar, Keep and Tasks. Tasks become a supported useful feature. Drag an email to the Task list and then archive the email. You can also create (and easily switch amongst) multiple Task lists.

Bolder warnings

Spam and phishing emails are a part of our everyday lives and from now on, you’ll see bolder, bigger, redder warnings when an email looks suspicious.

Smart replies

After launching on the mobile apps, Smart replies are coming to the web Gmail interface too. For short messages and answers, this is a quick way to get things done without crafting an elaborate reply.

Nudges

We’ve all been there: you get an email and hope to reply to it today, maybe tomorrow at the latest. Fast forward two weeks and that email is still hanging in your inbox and you are actively trying to avoid looking at it again. Gmail will start nudging you to follow up with emails you’ve received a few days ago and neglected.

Quick actions, snooze, view attachments

If you hover over any email in your inbox, you’ll see a few quick action icons that let you archive, delete, mark as read, RSVP to invites, and snooze the email so it shows up later. Attachments will also display as small and easily accessible chips below the email.

Logo With Account Name

The Dearborn School Logo will be moved from the left hand side to the right hand side with your name. This really helps with identifying which account that you are currently in.

Dearborn Logo next to account image

Overview Video

 

Security on the Internet

Security on the Internet is a bit like Baskin Robbins, there are 31 flavors. Only, on the Internet, there are way more than 31 flavors. One of those flavors are certificates. (This is designated by https as opposed to http.) Certificates try to make sure that you are going to the site that you think that you are going to. They do this by issuing a certificate that is installed on the web server AND registered.

Unfortunately, Symantec played a bit fast and loose with certificates. Thus, Symantec certificates are no longer “Trusted”. Any web site that uses Symantec for their certificates will now show up with the scary message that “Your connection is not private”. There will be a big button that may say “Back to safety”. (There is also an ADVANCED button (not highlighted), that will allow you to continue to the site.)

Privacy Error Message screenshot

Unfortunately, some of these are legitimate. For example, the screen shot above is from our Destiny system (Library service from RESA). This is a completely legitimate site. It is safe to visit. However, given the message above, I’m sure that most people would not go on.

We have contacted RESA to update their certificate.

Although you should not automatically trust every site that presents this message, some are OK. It is crucial to know which sites are which. Generally, if there is a concern, don’t move on.

COPPA

COPPA is a federal law that impacts Dearborn Public Schools. We must follow COPPA.

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

So, how does COPPA impact us? Well, let’s take a look at a free resource that teachers might find useful with students. PowToon is used to create “awesome videos and presentations”. (Naturally, there is also a paid version).

However, we need to take a look at their Privacy Policy. They will note that they are COPPA compliant, because:

Our website, products, and services are all directed to people who are at least 13 years or older.

This means that students must be at least 13 years old in order to use this service, unless the school and the parents sign off on the creation of that account. Since the district would be responsible for tracking and monitoring that permission, we do not allow students under the age of thirteen to create accounts. (PowToon is one of just thousands of websites that have this requirement).

So, if you work with students who are under the age of thirteen, you need to make sure that any web services that you use are COPPA compliant. (The Department of Technology & Media Services regularly vets sites for compliance).

Online Safety and Security

Jim Fisher has a really nice write up about a potential scam. There are several good tips in his post. This also highlights the importance of being vigilant.

I recently received an email from Netflix which nearly caused me to add my card details to someone else’s Netflix account.

He did the right thing in checking the source of the email, but even that was legitimate.

“Odd,” I thought, “but OK, I’ll check.” The email is genuinely from netflix.com, so I clicked the authenticated link to an “Update your credit or debit card” page, which is genuinely hosted on netflix.com. No phishing here. But hang on, the “Update” page showed my declined card as **** 2745. A card number I don’t recognize. Checking my records, I’ve never seen this card number. What’s going on?

The crux of the scam is to create an account on Netflix and hope that the “real” owner of the account doesn’t notice the billing. However, this is just one way to potentially scam folks. This kind of information could be used in a variety of ways to scam individuals.

I don’t necessarily agree with everything that he says, (Netflix really should do a better job of confirming that you actually have control of the email account), but the message is important.

Just another reminder that in today’s world, it is truly important that you understand what is happening and why.

(*By the way, although the “dot” trick will work with generic Gmail addresses, it will NOT work with our work set up).

Follow

Follow this blog

Get every new post delivered right to your inbox.

Email address

Skip to toolbar