Every day we are inundated with attempts to access students’ Personally Identifiable Information (PII), one of the top types of data bought and sold on the dark web.
In a typical 90-day period, Highline employees received a total of 19 million emails from outside our system. More than 90 percent of those emails were blocked as spam or suspicious. Only about 5 percent of the total emails we received were authentic and not dangerous.
The most common phishing attacks are via email. One click on an infected attachment can expose all your personal information and bring down the district’s network.
Here’s how to protect yourself and our students’ information:
- Never give out your password or any sensitive information (social security number, date/place of birth, mother's maiden name, educational/employment information) in response to a phone call or email. Highline staff will never ask for this information by phone or email. If you are asked, be suspicious.
- Use only your Highline Outlook (highlineschools.org) or Google (g.highlineschools.org) address for all communications, including communication with students. Personal accounts are less secure.
- Change your email password often to actively combat potential threats.
Cyber attacks are continually evolving. Please submit any suspicious emails to eHD.
How to detect phishing:
Emails from outside the organization come with a yellow caution bar at the top of the message. Example:
"CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. This email was originally sent by: xxxxxx"
Spammers and hackers use spoofed email addresses that appear to be someone you trust. The caution bar shows the actual sender.
When you see the caution bar:
- Slow down. Scrutinize the sender’s address in the caution bar. If you don’t recognize it, assume it is a risk and ask IT if there is a safe way to verify the sender.
- If you receive a suspicious email, ask IT before clicking on a link or a download. Links and downloads are the biggest risks to data security.
- If the email is requesting sensitive information, phone to confirm the request--especially if you are being pressured to act quickly. Use the school directory or another source, not a number provided in the email.
If you are suspicious or unsure of what you should do:
- Create an eHD ticket.
- If you clicked a link or opened a file, change your email password immediately.
Spoofed Phone Calls
A caller may claim to be an employee and request information or an action. If the caller ID on your desk phone appears as a 10-digit number (e.g., 1-206-631-XXXX), this is not an internal call. An actual internal call will always appear as the 4-digit extension.
If the caller imitates Highline personnel, you should:
- Hang up. Do not give any information.
- Report it. Submit a ticket. Include your extension, time, date and the nature of the call (Marriott Hotels, Chinese message, Credit Card Scam, Microsoft Scam). We will submit these to the FCC.
These are real attacks against Highline Public Schools.
Imitations of Colleagues
The scammer imitates a colleague by using a name from our directory. They may request information about students or staff, or request an action, such as purchasing a gift card.
What to do: Send to your building tech.
In the example below, the scammer reached out to a staff member claiming to be the school's principal and asked the staff member to pay out of pocket to purchase iTunes gift cards. Note that the scammer's message has poor spelling and grammar. It also conveys a sense of severe urgency, to try to prevent the staff member from questioning or investigating the request.
Example 2: In the example below, the scammer tried to send staff information in order to get them to click on an email link.
In the example below, the scammer tried to start a conversation with Doug. Doug recognized it and immediately sent it to his building tech.
Request for Information
The scammer emails and requests that you open a PDF or Word document, which will either infect the computer with a virus or trick the recipient into surrendering their user credentials. Never use your user login or password to open a document that comes from an outside source.
What to do: Alert your building tech so they can investigate and protect against similar actions in the future.
The image below shows identifiers of a malicious attempt.