Phishing

Phishing scams are social engineering attacks and are one of the most prevalent, and dangerous, types of cybercrime that individuals and organizations around the world are currently facing.  

 

Phishing is a term that originated in the 1990s and alludes to attackers using online lures to “fish” for users’ sensitive information.

In a phishing scam, a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.


Frequently Asked Questions

How come phishing scams “get through” to us?


The volume is immense: based on research, a district our size collectively receives more than 40,000 malicious emails in its inboxes every year. The cybercrime industry is huge, and “threat actors” can make big money. Tactics and content change constantly.

There is a delicate “filtering” balance between letting in the emails people need to receive and keeping out the emails that are fraudulent. Too loose, and everything gets through; too restrictive, and many external emails you should receive don’t come through at all. The fact is that no matter how good your security, a small percentage of phishing emails will always reach your users’ inboxes.




How can it impact the district?


As we’ve seen many times in the news, the damage from phishing threats for organizations can be catastrophic, with many breaches costing millions, harming the organization’s reputation and destroying relationships with stakeholders.




How can it impact me?


In addition to the potential damage to the district, individuals are equally if not more likely to experience significant hardship from falling for a phishing scam. If successful, phishing attackers can possibly:
- Hijack your usernames and passwords
- Steal your money and open credit card and bank accounts in your name
- Request new PINs or additional credit cards
- Make purchases
- Add themselves as an authorized user so it's easier to use your credit
- Use and abuse your Social Security number
- Sell your information to other parties who will use it for illicit or illegal purposes




How do I keep myself safe?


Learning to detect phishing scams and to avoid clicking on the links in them is the best line of defense, both for yourself in your personal life and for your organization. If you aren’t sure, always err on the side of caution. You can also forward the email to our Learning Technology Department Help Desk to confirm (help.desk@sd23.bc.ca).

Note: if you ever do click on a link in a phishing scam, be sure to change your current password, and do the same on any other sites or applications where you use that same password. This is also why we highly recommend that you do not use the same password across multiple sites.




What about Vishing?


Vishing is a cybercrime that uses the phone to steal personal confidential information from victims. Often referred to as voice phishing, cybercriminals use savvy social engineering tactics to convince victims to act, giving up private information and access to bank accounts. Some quick tips to protect yourself from a Vishing scam include:
- Be cautious anytime anyone calls you and creates a sense of urgency/pressure
- Never trust Caller ID (scammers can easily spoof a number to look like it is coming from a legitimate organization)
- Never provide personal information over the phone unless you initiated the call (say for example with your bank)
- If you believe the phone call is a Vishing scam, simply hang up




What about Smishing?


A form of phishing, smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is an emerging and growing threat in the world of online security. Some quick tips to protect yourself from a Smishing scam include:
- Don’t reply to text messages from people you don’t know
- Don’t click on links in text messages unless you know the person they’re coming from
- Simply delete any text message that you believe is a Smishing scam