Phishing

What is a phishing attack?

A phishing attack typically comes in the form of an email message. The attacker attempts to impersonate some familiar figure and convince the victim to visit a webpage via a URL, open a malicious attachment, or reply with sensitive information.

 

Watch the Google video below to learn more about phishing and scams.

What should I do if I receive a suspicious email?

  • Do not reply to the message.
  • Do not click on any links.
  • Do not open any attachments. Attachments can contain macro viruses that can infect your computer.
  • Delete the message.

What should I do if I provided my username and password?

Your password needs to be changed immediately. If you provided your HCPSS Active Directory password, it can be changed by navigating to the hcpss.me web page and using the Change Password button at the bottom of the page. If you have any issues changing your password, request help from a staff member in your building.

Change Your Password

How can I spot a phishing attack?

Spam email is normally the method for directing users to phishing web sites. Typical warning signs of phishing in emails are:

  • Sensitive Information: Phishing asks you for sensitive information such as your account passwords, social security number, credit card numbers, etc. Legitimate businesses and organizations do not request or provide sensitive information via email.
  • False Urgency: Phishing makes threats such as termination of services if you don't respond immediately. They want you to respond before you think!
  • Odd Grammar: Phishing may contain odd grammar, misspellings or unusual capitalization.
  • Copy Legitimate Sources: Phishing pretends to be from a trusted source such as your employer or bank and may include recognizable logos, addresses or names.

Legitimate sources will never email a link asking users to verify their account by logging in. They will also never send users an email warning that they are almost out of space and telling them to "CLICK HERE" to get more space. While some email services send automated emails when users are approaching their email space allotment, those emails do not ask users to click a link and log in. These are the 2 most common ploys.

In the example email below, the attacker asks the student to visit a website and enter their Active Directory account password. Notice that the attacker used the HCPSS logo, which may make an unsuspecting person believe the email is from an official source.

 

From: "net-admin@hcpss.org" <janedoe125458@hotmail.com>
Date: Monday, March 23, 2018 at 3:42 AM
To:
Subject: Account Update Needed

[Image: HCPSS logo]
Dear Portal User,

Due to high numbers of inactive portal accounts on the server, all users are advised to sign in to their portal account within 24 hrs of receiving this notice, using the link below, to confirm their portal account activity.

Use this link and this link to login and confirm your portal account activity.

Failure to update might process your portal account as inactive, and you may experience interruption of services or undue errors. Please kindly comply.

Thanks,
Network Administrator
Howard County Public School Syste
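
The From line of the example email shows an hcpss.org address as the display name while the address that actually sent the message is at a different domain. The Python check below is an added example, not part of the original page, that flags that mismatch; the function names, the finding labels and the PROTECTED_DOMAINS list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed input: the From and Subject lines of the example email above.
SAMPLE = (
    'From: "net-admin@hcpss.org" <janedoe125458@hotmail.com>\n'
    "Subject: Account Update Needed\n"
    "\n"
    "Dear Portal User,\n"
)

# Assumption: the domain the organization really sends mail from.
PROTECTED_DOMAINS = ("hcpss.org",)

# Captures the domain part of any address-like text in a display name.
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def in_domain(domain, parent):
    """True if domain is parent itself or one of its subdomains."""
    return domain == parent or domain.endswith("." + parent)


def check_from(raw_message, protected=PROTECTED_DOMAINS):
    """Return a list of findings about a raw message's From header."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ["from-header-unparseable"]
    display = display.lower()
    sender_domain = address.rpartition("@")[2].lower()

    findings = []
    # The display name shows an address at a different domain than the
    # address that actually sent the message (the trick in the sample).
    if any(d != sender_domain for d in ADDR_RE.findall(display)):
        findings.append("display-name-address-mismatch")
    # The display name names a protected domain, but the sender is outside it.
    for dom in protected:
        if dom in display and not in_domain(sender_domain, dom):
            findings.append("impersonates-protected-domain:" + dom)
    return findings


if __name__ == "__main__":
    print(check_from(SAMPLE))
```

A message with no findings is not proven safe; the check only covers the display-name trick seen in this sample.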

Howard County Public School System Information Technology Department
