Phishing Testing to begin in April

Our district recently purchased a service for phishing testing and we will begin work before the end of this month.  If you have questions – drop me a note at abelingb@wdmcs.org.  

Q1. What is phishing?
A1. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

 

Q2. What is phishing testing?
A2. It’s when fake emails are sent to users for training purposes. By sending out fake messages and attempting to get users to click on links, open attachments, and potentially give up passwords, we help identify users who need additional training on how to recognize fake emails that are attempting to get access to your account.

Q3. So our own school district is sending out fake emails to try to “catch” staff members? Huh? Why?
A3. Yes, we are asking a company to send out fake emails to help us measure how well our staff are doing in determining if emails are fake or not. Phishing attacks are one of the largest and easiest ways for scammers to access your email account and computer, and they are also using these methods to access your personal accounts, including online banking (if you’re one who uses your school password for your personal accounts).

Q4. Who are the messages being sent to:  Staff or students? Both?
A4. At this time, we are only focusing on @wdmcs.org staff members.

Q5. When will it begin?
A5. We are starting right away in the month of April.


Q6. How often will it happen?
A6. We are aiming for once a month per staff member. Also, we will NOT be sending out phishing tests during the busiest times (end of the school year or start of the school year).

Q7. Will everyone in the district get the same emails?
A7. No.   The emails will be sent at random times and only a number of staff members will get the same message. Over time, each staff member will see a variety of phishing examples/types. 

Q8. When I get an email that I think is suspicious – what should I do with it?
A8. Please mark it as SPAM.  Make sure the email is selected and then click the SPAM icon (the stop sign icon with an exclamation point). This will delete the email and notify Google to have the message reviewed.

Q9. What will the emails look like?
A9. We are not sharing what the emails will look like. However, they will be comparable to the standard phishing scams that you’ve seen before.

Q10. When exactly will they be sent?
A10. We will not be sharing exactly what will be sent or when it will be sent –  instead, we are notifying staff that phishing testing will start in the month of April.

Q11. How will I know if they are fake or not?  What guidance can you give me to help understand what might be fake?
A11. We recommend the following sites for helpful tips on identifying phishing scams:

https://www.techrepublic.com/blog/10-things/10-tips-for-spotting-a-phishing-email/

https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/

http://blogs.quickheal.com/can-you-spot-a-phishing-email-take-this-test-and-find-out/

Q12.  Is someone keeping track of who falls for the phishing emails?
A12. Yes, the company we hired is monitoring the emails, and they track what message types are sent to which users, as well as which users fall for the phishing messages.

Q13. If I fall for one of the phishing or fake emails – what happens?
A13. If a phishing message contains a link and you click on the link, the next screen will identify that it is part of our phishing testing, and it will point out the indicators and help explain why the message should have been recognized as being fake.

Q14. Are there consequences? Will my supervisor be scheduling a meeting with me if I accidentally fall for one of the phishing emails?
A14. Initially, there will be no consequences; we are using the testing to find out how well our staff is doing at handling these types of email. If we find there’s a significant problem, we’ll then look at assigning online training to the individuals who need it.

Q15.  By doing these phishing tests, are we asking teachers to do more work?
A15. No. We’ve always asked you to mark spam/junk mail when you see it, and this is no different. In fact, if you’re already good at spotting fake messages/junk mail, then nothing will change for you: you’ll end up deleting these messages and you’ll never have to worry about being asked to take additional training.

2 thoughts on “Phishing Testing to begin in April”

  1. Julie Conzett

    This needs to be better explained to the staff. If I get an Email that I don’t recognize I delete immediately. Now I am being asked to click on it and analyze it. Frankly I don’t feel teachers have the time to do that.

    1. Brian Abeling Post author

      Hi Julie – thank you for adding this, as we don’t want this to be confusing, so let me help straighten this out.

      As you’ve mentioned, you have always deleted items that are junk mail – and we want you to continue to do that. We do NOT want you to click on spam/phishing emails. You are completely correct – we are NOT asking you to click or analyze anything, as you don’t have time for that, and it’s not what we are asking you to do.

      However, since we are now the source for a few of these messages, we felt it was important to tell staff that we are doing this for training purposes, so that we can find out if the problem is significant in our district.

      Brian Abeling
      abelingb@wdmcs.org
