Thursday, February 9, 2017

Spear Phishing in February

Are you a clicker?

This is a simple yes/no question, but in our context it may be the difference between just another day at school and something far worse.

KnowBe4 is a security company that specializes in "Security Awareness Training." They report that 91% of successful data breaches start with a Spear Phishing attack. KnowBe4 refers to “Clickers” as those who are most likely to click on a link within a bogus email message, subjecting themselves and their employers to a malicious phishing or virus attack.

So what is Spear Phishing? Spear Phishing is an email message sent by cyber criminals that appears to be from a trusted source, but is not. The email message is designed to steal confidential information through deception.

There are untold number of ways to deceive via email. A popular method in Illinois school districts is this one: “Subject: A document has been shared with you.” The message goes on to say that someone you know is trying to share a document with you and to get this document you need to share out your email address and your email password.  Here is a great diagram that shows what to look for in such a message:

Why do we keep informing Barrington 220 users about this matter? The problem is getting worse and the tactics are getting better. Recently, a local Illinois school district fell prey to an attack via an email message that goes something like this:

Please reply with a copy of all employee W2’s as soon as possible. The info is needed for the next board meeting.

In this example, the human resources employee, Susan, knows Jennifer is a school board member, but what she does not realize is that the email address is bogus. Susan then sent all of the district’s W2 information to an unknown individual in another country. Ouch! A bad day for Susan, as well as several hundred other staff members.

Many of us work with sensitive information on a regular basis. Your system passwords need to be kept to yourself. In addition, always consider the “who, what, why, and how” when it comes to sharing sensitive information that you have access to. This holds true for any method of sharing information—whether it be email, Google Docs, or a file sharing utility such as Dropbox.

When in doubt—pick up the phone and call the person who requested the information. Ask questions.

When in doubt—consult with your supervisor about sharing confidential information.

When in doubt—check it out!

Are you a clicker?

No comments:

Post a Comment

Barrington 220 and MobileMakersEdu Present Ken Kocienda

Barrington 220 staff and students are invited to attend an upcoming guest speaker presentation at Barrington High School. Ken Kocienda wrote...