• Cyber Safe  
     

    Phishing


     
    Phishing is a simple and effective technique for Hackers and Identity Thieves to gain access to your accounts and identity. They may also install malware on your computer that can relay your sensitive information back to them, you would not even know it has been done.
     
    Phishing - to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one. 
    Spear Phishing - a phishing attach that targets a particular group in order to trick the recipients into providing the login credentials or other sensitive information. An example of this form of phishing is the email below that appears to come from CEO Eric Gordon.
     

    Slow down - Verify 

    Most phishing attempts prompt you to do something quickly -"perform this software update now or your system is at risk!" The phishers are trying to make you think on the spot. They know most people will see the scam but they only need one click to make it worth their while. Phishing has about a 5% success rate.
     
     
    Before responding to any type of request asking you to perform any type of action-especially financial or personal identity related, please verify the sender’s email address and the address of the hyperlink (note the URL opposite the arrow).
     
    Phishing email  
     
    Links within the email body may go to other unexpected websites. If an email looks suspicious- look up the company by going directly to their website or use a trusted source to find contact information for the recipient. 
     

    Hints & Tips:

    The Department of Information Technology (DoIT) will not:
    • place time limits on login (such as within 48 hours).
    • ask for your username and/or password in an email.
    • lock you out of all services.

    Additional Information:

    What to do if you believe you have received a Phishing email?
    • Do not provide personal information to any unsolicited requests for information
    • Avoid questionable Web sites
    • Practice safe email protocol:
      • Don't open messages from unknown senders
      • Immediately delete messages you suspect to be phishing or spam

    What can email phishing scams do to me?
    • After you've responded to a phishing scam, the attacker can:
    • Hijack your usernames and passwords
    • Steal your money and open credit card and bank accounts in your name
    • Request new account Personal Identification Numbers (PINs) or additional credit cards
    • Make purchases
    • Add themselves or an alias that they control as an authorized user so it's easier to use your credit
    • Obtain cash advances
    • Use and abuse your Social Security number
    • Sell your information to other parties who will use it for illicit or illegal purposes

    How Will I Know?
    Phishers often pretend to be legitimate companies. Their messages may sound genuine and their sites can look remarkably like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following:
    • Requests for confidential information via email or instant message
    • Emotional language using scare tactics or urgent requests to respond
    • Misspelled URLs, spelling mistakes or the use of sub-domains
    • Links within the body of a message
    • Lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, user name or password.
    If you are compromised
    You should change your password immediately.
     
    If this email was on your District email account, you should contact the CMSD Department of Information Technology' Help Desk at 216.838.0440 or help_mon@ClevelandMetroSchools.org.
     
    If this was on your personal email/computer you should report the scam to the United States Computer Emergency Readiness Team. If you provided personal information for an account (like a bank) that could be used for identity theft or fraudulent activities, you should contact the company immediately.