The image on the right is a real warning from Google, sent to someone inside the school district. The one on the left is a phishing email which was sent to Hillary Clinton campaign worker Billy Rinehart and which enabled a serious breach of security for the campaign when he fell for it.
'Phishing' is a technique used by hackers to gain personal information from an unsuspecting computer user. In a phishing attack, a hacker usually sends an email that mimics a legitimate communication from a company or service provider with whom you might do business--a bank, for example, or an email service such as Gmail. The message will typically direct you to a fraudulent website where you will be asked to enter log-in information for the service. The user might be advised that their bank account has been compromised and that they should log in to look at suspicious transactions, or, as in the example above, that someone has tried to access their email account and they should log in to change their password. Of course, the fraudulent website only collects the information necessary for hackers to access your bank account or email. Phishing attacks can target any website with personal or financial information, such as eBay, PayPal, Facebook or other social media sites, and banks.
Fortunately, with a little bit of diligence, phishing attacks are not difficult to avoid. Here is some information about identifying phishing scams and tips to keep your account information safe:
- Be alert to the usual signs. Many phishing attacks originate overseas and they may be poorly written, with misspellings and odd grammatical structures.
- Phishing emails may use scare tactics ("Your account will be closed unless you . . . ") or promises of gifts or rewards to entice you.
- They may mimic the look of a company's legitimate website.
- No legitimate company will ever ask a customer to provide account information in an email! Ignore any such requests. You should also never enter account or other sensitive information into forms embedded in emails.
- Make it a habit to visit websites by typing their addresses directly into the URL bar, and not by clicking on links sent in email. For example, if you receive credit card statements by email, don't click on the link in that email to pay your bill but instead type the company's address in directly. You can bookmark it to save time. Buttons and links sent in email should always be viewed with skepticism!
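- If a website requires a log-in, make sure it's secure: the URL should begin with https: ('s' for 'secure') and you should see a padlock icon in your browser's URL window. The padlock shows only that the connection is encrypted, so also check that the address is the company's real one.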
District employees who need to change their network and email passwords should follow this procedure:
1. Log in to a Windows computer (not a Chromebook or Mac) on the district network.
2. Once you are logged in, press Control+Alt+Delete. Choose 'Change Password' from the menu.
3. Enter your old password and your desired new one. You will be asked to enter the new one twice to confirm.
This process will change your network login, and your Google account password will sync with it within moments. Changing your password within Google will not work.
As always, please see your building's Technology Integration Specialist or fill out a trouble ticket if you have questions or concerns.