Phishing scams target schools by posing as a legitimate person or organization – e.g., an administrator, parent, publisher, or superintendent – to gain access to confidential data, such as login credentials for financial accounts or student data. These phishing scams can occur through social media, emails, or even phone calls, and can target anyone from administrative staff to teachers and other faculty.
Educating employees on the most common signs of a phishing scam is essential to keeping your school protected and minimizing the chance of a data breach.
Here are three tell-tale signs of a phishing scam. Schools should train all employees on recognizing phishing attempts through these red flags and what to do when they spot one.
1. Suspicious Requests for Information
A key red flag for phishing scams is a suspicious message, phone call, or other outreach that asks for sensitive information, like login credentials. Legitimate organizations don’t usually ask users to send login information out of the blue, and especially not outside their official protected login platform. For example, Blackboard or a publisher like McGraw-Hill wouldn’t ask you to email your password; if they needed you to log into your account, they’d more likely send you a link to their secure login page.
Further, employees should avoid clicking on any links in suspicious messages, as doing so may infect their computer with malware. When in doubt, they should navigate to the login page directly in their browser instead of using a link or sending credentials. Employees should be trained to immediately contact the school IT administrator to investigate any potential phishing scams.
2. Poor Grammar and Spelling
Another common trait of phishing emails is that they often contain numerous spelling and grammar errors. Employees who take the extra time to read these emails carefully will often notice several spelling mistakes within the message. Of course, it is essential to always be extra cautious with any message that asks for personal information, even if it contains perfect English. While you would think faculty would be more likely to notice these issues given their profession, they are also very busy and tend to read emails quickly, which can cause them to miss these obvious signs.
3. Sense of Urgency
The vast majority of phishing scams create a sense of urgency by trying to persuade an employee to make an immediate decision without considering the consequences. Look for language like “act now,” “urgent” or “due immediately.” Scams might include an urgent ask for invoice payment resubmission, access to payroll information, student data or other sensitive information.
Unfortunately, these fear tactics are often the key to a successful phishing attempt. Employees should always keep in mind that a legitimate organization will never initially reach out to ask for personal information. Frequently scheduling IT security training sessions can play a key role in helping employees recognize these common phishing schemes in the workplace.
Safeguarding School Data Overall
Phishing attempts continue to pose a significant risk for schools. Ensuring faculty and staff understand the best ways to identify and react to these scams is essential to keeping your school protected and avoiding potential data breaches.
Further, holistic approaches to school security can help administrations develop multi-faceted security plans that protect against not only phishing, but also ransomware, data loss and other vulnerabilities from multiple directions. Investing in a managed service provider, for example, allows schools to place their IT security in the hands of experts whose job it is to design, deploy, monitor and manage school security on an ongoing basis.
Peters & Associates is a managed IT security services provider with specialists on staff that focus on school security. Contact us today to find out how we could bolster and manage your security plan.