Phishing FAQs

Update for WDMCS Staff

Q1. I received an email from training@cybersafeworkforce.com titled “Reminder about Required Training” telling me I have a training module to do – is this legit?

A1. Yes, it is legit. training@cybersafeworkforce.com belongs to the company that our district uses for our phishing testing and training.

Q2. What does this mean? If I opened and read the email – is that causing me to go through the training? How can I read my email without getting into trouble?

A2. Reading your email is ok. That’s not the issue… What causes you to get added to the training is when you click on the links and visit the sites that the phishing message is asking you to visit – it’s these sites that either download viruses or attempt to gather information from you. Our advice: check who the sender really is, read the message and find out what they are asking for – is it a realistic request? Most of the time, the sender will be from some strange email address or they want you to visit some website that isn’t related to our district or the topic they are discussing.

Q3. I want to know exactly what email (date/time/content) caused the issue for me – can you tell me that information?

A3. Open a ticket with the techs (helpdesk.wdmcs.org) and we’ll contact that company and request the information. (Note: we don’t have the information – the testing is done blindly – meaning that everyone in the district is tested and no one knows when or what messages are sent. That also means that the tech department doesn’t know who passed or failed the phishing messages.) But if you want to know – open a ticket with the techs, we’ll contact the company and we’ll find out.

Q4. What happens if I don’t do the training? Is someone actually going to come after me?

A4. If anyone who has been assigned the training does not complete it by March 30th, the company will notify HR, who will follow up with employees, just as they follow up with individuals who do not complete safe schools training.

Q5. Why don’t we just add this to the safe schools training and make everyone take it?

A5. We discussed that option, as we could have just assigned the training to everyone in the entire district. However, since the majority of people aren’t getting caught by the phishing messages – why would we assign them extra training?

Q6. I just received the following phishing email. I know that other staff members have received it as well. Will you be forwarding this to all staff to make sure everyone is aware?

A6. Back in the day when we only had a few phishing emails come through, I would have sent them out to all staff as a heads up. However, we’re now seeing such a large number of phishing-related emails that we are no longer sending out notifications – it just happens too often to send a notification each time. The best thing you can do is use the Mark as Spam button within your email. This will report the email appropriately.

Q7. I just got a phishing email… almost got me on that one, Brian. Nice try!

A7. Sorry to disappoint you – but I do not personally send out the phishing messages. The testing is done blindly by an outside company. By doing this – everyone in the district is tested and none of us know when it will take place or what the messages will be.

Q8. Why weren’t staff warned about this?

A8. We first notified staff about phishing training in April 2018 (https://wdmtech.wordpress.com/2018/04/17/phishing-testing/). Due to the nature of the testing, we will never notify staff of exactly which message will be sent nor exactly when it will be sent. Also, as noted earlier – the testing is done by an outside company, so we do not control the messages or the times they are delivered.

Q9. Why are we doing phishing testing? Don’t we have better things to do?

A9. I’m sure we have things we’d rather be doing – but a large portion of our staff fell for the fake phishing tests and the trend is clear: K-12 schools are the new target. Read more:

https://www.edsurge.com/news/2019-02-07-report-a-new-cybersecurity-incident-strikes-k-12-schools-nearly-every-three-days
