Phishing emails are a very successful social engineering attack that facilitates very lucrative cyber crime. They are easy to spot if you follow the guide below. Learning to detect phishing emails is an important part of our collective responsibility in keeping the school environment safe and secure. If you are unsure about an email, don't open any of the attached files or links. Simply forward the email to the ICT Help Desk; we are always here to check the validity of the email for you.
1. CAUTION: If an email has a Caution Banner at the top, then the sender is not part of our school communication platform. Even if the display name is the name of a staff member, our school emails will never appear with the Caution Banner. A Caution Banner means be vigilant: the email is from an external source. Hackers obtain staff names from our school websites and social pages all the time. If an email has a staff member's name and a Caution Banner, 99.9% of the time that email is going to be a phishing email.
2. EMAIL ADDRESS: Always check that the email address matches the sender's name, and that the email is in context. For example, if the email is intimating that it's from iCloud, make sure the email address domain matches that statement; any inconsistencies will point to a phishing email. Remember that no legitimate business should be emailing from an @gmail.com address. Always make sure the domain is spelt correctly. Cyber-squatting is a term for when a domain is made to look like an existing brand; for example, iCloud.com could be ic1oud.com, so be vigilant when you don't recognise the email address.
3. SUSPICIOUS ATTACHMENTS OR LINKS: Never open an attachment or click a link unless you are 100% confident that the message is from a legitimate contact. Emails with ambiguous attachments or links, such as (Important Read Me) or (Invoice), with limited message information or grammatically incorrect text, are often phishing emails. If you open an attachment that is infected with malware, you will potentially be compromising network security or sensitive personal information. A simple way to check a link before you open it is to hover your mouse over it: the full address path will be shown, and if the path is not consistent with the context of the message, don't click the link. Never enter school login details into a page reached from an email link. It's going to be harvesting your login details, and you will be opening the school network up to possible ransomware attacks.
Follow this simple guide to keep yourself safe online at school and at home.