Phishing is the practice of sending out emails that purport to be from a legitimate, reputable company in order to get users to reveal sensitive information (such as passwords and credit card numbers).
Protecting your user name and password is critical to the security and safety of our district. Many users have access to very sensitive data.
Tips for spotting a phishing attack:
- Do you know the sender? Although it is easy to fake the return email address, you should still check to see if you know the account.
- Does the language seem appropriate for the person?
- Does something just seem “funny” about the email?
- Hover your mouse (if on a computer) over the link without clicking on it. It should reveal the URL of where it is actually going. (So, if it supposed to be sending you to Apple, but the URL is http://apple.scammer.com, that isn’t right).
- Be wary of links in emails: Type links into the Location bar in your browser instead of clicking on the link in an email.
- There is some kind of threat or urgent request in the message.
Here is a Phishing Flyer with tips (reposted from a couple years ago).
Securing your accounts
There are several things that you can do to make your account more secure:
- Be careful on clicking links in email
- Use a passphrase manager – (this allows you to have a unique password for every site you visit) (Note that most of these are not free).
- Turn on 2 Factor Authentication – this will require you to receive a text message or use a known device as an extra step to log in. This means that if someone does know your passphrase, they still can’t sign into your account without that device.
- Be very cautious about where you are entering your user name and passphrase.
- from the address book of someone who has had their account phished
- from breaches of online services
- EquiFax – one of the sites that provides credit reports
- Best Buy
- Saks Fifth Avenue
- Lord & Taylor
- MyFitnessPal App
- Forever 21
- Whole Foods
- PumpUp (Fitness App)
- And more….