Message from Keven Elder and Gregg Ferrie re Phishing

To: All School District 63 Staff

Date: July 18, 2016

From: Superintendent Keven Elder

NOTICE FROM THE SUPERINTENDENT

This notice is to all holders of @sd63.bc.ca School District 63 email addresses.  You've heard this from our information technology leaders, and now from your superintendent.

It is of critical importance to the school district that you NEVER click on a hot link in any email that you receive unless you know it to be legitimate, such as when someone you know is sending you information you are expecting.  A person that you know from HR might send something asking you to click to complete a form, or someone you know from IT might send something asking you to click to see the latest posting on the Hub.  If you are certain, you can click on those embedded links.

But there are numerous emails that are unexpected and unsolicited and are trying to draw you into clicking on a link, perhaps saying you need to verify or change a password, or see an important message.  They may even appear to be from the school district.  When you click on a link offered by someone claiming to be Zimbra, or IT, or HR, or your bank, as opposed to someone you know, you have fallen prey to a phishing attack and that is extremely harmful for the school district.

Clicking an embedded phishing link triggers mass spam emails being sent repeatedly from your email account to government organizations, businesses, community agencies, school districts and more.  When that happens, a blocking process kicks in, meaning that all of those organizations block ALL communication from @sd63.bc.ca coming or going.  That is a huge problem for the school district when the entities we cannot be in communication with include the Ministry of Education (including in regard to financial matters), post-secondary institutions, businesses and more.  All because one person clicked on a link and compromised their account and our email system.

Here are some examples of types of emails you will receive that will invite you to click a link, and which you MUST immediately delete:

  • A fake notice purporting to be from our IT department saying something like "click here to verify your account/change your password."
  • A fake notice purporting to be from Zimbra, Google, PayPal, eBay, or the like, telling you to click to verify your account or password.
  • A fake notice from a bank, perhaps even your bank, saying something like "your account has been compromised, click here."
  • An email from someone you know, whose email address has actually been hijacked, saying something like "great picture of you, click here to see it."

If you click on these links, two bad things will happen.  First, our entire district will get blocked, which takes days or weeks to undo.  For that period of time our ability to do business as a school district is severely hampered. Second, we will disable your account.

Thank you for understanding.  This email is sent with respect, and with sincere wishes that you are having a great summer.

Keven

_______________________________________________

To: All School District 63 Staff

Date: June 28, 2016

From: Director of Information Technology

Phishing Attacks

School District No. 63 maintains a robust and well-managed email system designed to facilitate electronic communication for our staff. All of our incoming email passes through sophisticated email filtering systems. Even though these filters eliminate thousands of incoming spam messages per day, occasionally a few manage to pass through. These messages are designed to fool users into giving up personal information, which has two important consequences.

Threats to you and the School District

The first is identity theft. Phishing emails are designed to gather personal information in order to hijack your assets or steal your identity to open credit accounts in your name. This is a very real threat and is now a daily occurrence throughout the world, including Vancouver Island.

The second is the impact it has on the school district and our email system. When users click or respond to phishing emails they immediately compromise the school district email system. The user's email is then used to launch phishing attacks on other organisations. Like us, these organisations respond to phishing attacks by blacklisting the entire organisation and will subsequently block all email from that source. The result is that our valid email will not be received by these organisations and important communication will be lost.

What to do if you think an email message is suspicious

Over the past few years, the district IT department has sent out several emails about the importance of this issue. Again we reiterate: the district IT department (or banks, credit card companies and so forth) will never send an email asking you for your ID and password or require you to verify personal information by clicking a link or opening an email attachment. If you are unsure or in doubt about the veracity of an email - delete it.

If you have clicked on a phishing link

If users do respond to phishing attacks through clicking of links, opening of attachments and so forth, the user's email account has to be suspended. We will then arrange to have one of the district technicians make a personal visit and provide training on how to spot phishing emails.

For more information on Phishing attacks please go to:

RCMP – E-mail Fraud / Phishing

School District No. 63 Hub Support Site

Regards

Gregg


Last modified: Thursday, 21 July 2016, 9:04 AM