Security Awareness: Combat Phishing and online scams

Security Awareness

Phishing attacks are on the rise every year, and cybercriminals are getting more sophisticated, using generative AI and behavior learning models to find new ways to trick people.  It is important that we all stay up to date and diligent in order to keep our accounts and information safe.  LPOSD uses a training company called KnowBe4.  If you get an email from KnowBe4 telling you that you have a training to complete, this is a legitimate company.  Ensure the URL is knowbe4.com, then click and go through the training.

Cybercriminals' goal is to get people to act against their own best interest.  Phishing is the process in which cybercriminals try to trick you into giving out sensitive information or taking a potentially dangerous action, like clicking on a link or downloading an infected attachment.

They do this using emails disguised as coming from contacts or organizations you trust, hoping you will react without thinking first. These emails often have “red flags” or warning signs that may make you suspicious, such as asking you to take some urgent or unexpected action. Cybercriminals are often looking for anyone, regardless of their role, to fall for their scams so the cybercriminal can use their computer or account to scam others within the organization.  Once they have access to your account or your computer, they can use it to launch new attacks within the organization while pretending to be you.

What can happen?

Cybercriminals are trying to get as much information as possible, with the end goal of:

  1. Getting access to a user's accounts. (If they have access to your email account, they can read all of the emails that you have sent or received, including from payroll.  They can also request password changes to accounts linked to your email.)
  2. Getting access to the user's devices.
  3. Getting as much information as possible about the users in order to get access to online accounts such as banking, social media, email and more.

Any of these breaches can cause long-term damage to a user or an organization.

How can you stay safe?

  • Stop.
  • Look.
  • Think.

First, NEVER ENTER YOUR PASSWORD or sensitive information like Social Security Numbers, account numbers, etc., into online forms.

Second, NEVER CLICK ENABLE in Microsoft Word or Office documents that are sent to you in an email that you are not expecting. Clicking Enable allows macros to run on your machine, and they can take it over.  This is an entry point for ransomware and malware.

Criminals typically want to make you feel like you have to act urgently or something bad will happen.  Stop and review the message.  Is the email address from a known domain (lposd.org), or is it from a random gmail.com account that has just set its first and last name to be someone you might recognize?

Are there hyperlinks in the email that do not match their text?  For example, a link that says wellsfargo.com, but when you hover over it, the link actually takes you to wells-test.net.

Be suspicious and look for red flags.

What can you do?

If you think that you have received a phishing email, you can do one of two things.

  • Email helpdesk@lposd.org and ask us to review it.
  • If you think that it is phishing, select Report Phishing in Gmail and it will be reported to the Help Desk.  It will also lock all similar emails in the domain as phishing.

If you feel like you may have fallen victim to a phishing scam or any security breach, DO NOT REMAIN SILENT.  Report it to the Help Desk at once by emailing helpdesk@lposd.org or calling extension 1001 from a district phone.  The longer you wait, the more likely that your account may be breached and information taken.

Comprehensive Phishing Document

last updated: 3/6/2024 mb