Did you receive a phishing attempt?
On Thursday, June 18, 2020, District Technology Services (DTS) began adding the phrase [external] to the subject line of all email received that originates from outside of the St. Vrain Valley School District (SVVSD). We see more and more examples of phishing where someone uses a name and an email address similar to that of an SVVSD staff member.
It is important to know:
- Emails labeled with [external] are not necessarily dangerous. The addition of the [external] tag is to help users recognize the difference between an email from someone in the district and someone who is not part of the district.
- This change will only affect emails you RECEIVE in your SVVSD.org inbox. The subject line of emails you SEND from your district email will not be affected by this change.
- All Google Doc notification emails about file sharing will be labeled with [external] because they come from Google, not a SVVSD user.
- Emails labeled with [external] but using the name of a district user should be treated with caution
What should you do?
Take steps to avoid phishing attempts by slightly modifying your browsing habits. When contacted about an account needing to be “verified” or other suspicious activity, it is a sensible precaution to contact the person or company from which the email originates to check that the email is legitimate. Alternatively, you can type in the company’s genuine website into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message. – Wikipedia
Report phishing to Google
If you receive an email that you believe is a phishing attempt, please follow these steps:
- Open the email, but do NOT click on any of the links
- Click the three vertical dots next to the Reply arrow in the top-right corner of the message pane
- Select Report phishing
Explore the phishing email series sent to district staff starting January 2017.
- Introduction. This is the first in a series of emails on how to detect and avoid phishing to protect our students and ourselves.
- Important. St.Vrain has worked hard to make it easy for our students and staff to access our systems with a single sign on.
- Weakest Link. St.Vrain has very secure technology systems. World-wide, scammers have found the weakest link to be us humans.
- Funny Looking. One of the best ways to to avoid being phished is to get in the habit of asking yourself these three questions.
- Sneaky Sneaky. One of the sneaky tricks cyber criminals use is to create web and email addresses very similar to the ones we know and trust.
- Before You Click. Before you click on a link in an email, hover over it with your mouse for a second.
- Red Flag. If you ever receive an email from the district (or anyone else for that matter) asking you to “Verify Your Account”.
- Eagle Eye. Attachments are one tool cyber criminals use to attack us. The text in the email may refer to an attached picture or document.
- Make a Call. If you suspect an email is not from the sender listed or you are concerned about its content, reach out.
- Not Only Data. Personal data and identity theft are not the only objectives of these cyber criminals.
- Be Forewarned. Data security is so important that standard District Technology Services procedure is to lock down.
- What To Do. One of the best ways for us in St. Vrain to combat phishing is to report suspect email to Google.
- Spear Phishing. In early 2018, over a dozen St. Vrain teachers and staff received emails that looked to be from their own principals.