Email/Network Security for CCISD Staff
Clear Creek ISD Technology Department
July 2018
Don’t Be a Victim! – Scenarios in this presentation have happened to CCISD users
Who are the newest actors/perpetrators?
People who want to make you believe they know you!
Email Decision-Making
1. Do you know the sender?
   Yes: Proceed to #2.
   No: Do NOT click on any link. Call the sender if in doubt. Delete the email.
2. Were you expecting something?
   Yes: Proceed to #3.
   No: Do NOT click on any link. Call the sender if in doubt. Delete the email.
3. Is there a request for:
   A. CCISD login/password,
   B. Money (gift card, check, wire transfer),
   C. Information (ID, SSN, DOB, account name/number, IP address), or
   D. Change in information (account name, number, address)?
   Yes: Stop! Do NOT click on any link. Call the sender for confirmation before clicking or proceeding with any action.
   No: Proceed to #4.
4. Does the URL or email link look familiar after hovering over the link (but not clicking on it)?
   Yes: Proceed cautiously. If there is any doubt, then stop and call the sender.
   No: Do NOT click on any link. Call the sender if in doubt. Delete the email.
You cannot be too nice! If the email was important, the sender will call you.
Don’t be a victim. When in doubt, call the sender/requestor before you click or send!
http://www.nbcdfw.com/news/local/Hundreds-of-Argyle-ISD-Employees-at-Risk-for-Identify-Theft-After-Data-Breach-411370795.html
Victims are informed that the quickest and easiest way to pay fees (before more interest is added) is by purchasing iTunes gift cards.
Once they’ve done this, all they have to do is give the criminal the 16-digit code revealed underneath the peel-off label on the back.
"Companies are experiencing a wave of phishing scams that target employee paychecks. Here is the scenario:
1. An employee receives, from a company email account, an e-mail that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey.
2. The e-mail asks the employee to click a link, access a website, or answer a few questions.
3. Then it directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply e-mail receive a prompt response purporting to verify that the employee should complete the steps contained in the link.
4. The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network."
https://blog.knowbe4.com/scam-of-the-week-wave-of-payroll-direct-deposit-phishing-attacks
Latest targeted phishing attack
Before clicking on a link, hover over it and look at the URL. Notice this URL does not show ccisd.net.
This was a malicious email in which over 1,000 CCISD employees clicked on the link. If you click on a link, do not ever type your account password from a link without verifying the authenticity. You could be giving someone your password!
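The hover check above (question #4 of the decision table) done in code. This is an added example, not material from the CCISD deck: it pulls every link out of a constructed HTML email body, compares each link's real host against ccisd.net (exact match or a subdomain of it), and flags links whose visible text names ccisd.net while the href actually points elsewhere. The sample body, the hosts in it and the function names are all constructed for illustration.

```python
"""Added example (not from the CCISD deck): check where an email's links really go.

Hovering over a link shows its true target; this does the same check in code.
A link counts as trusted only if its host is ccisd.net or a subdomain of it.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "ccisd.net"

# Constructed sample: one legitimate link, one look-alike host whose visible text
# claims ccisd.net, and one bare-IP link.
SAMPLE_EMAIL_HTML = """
<p>Your account will be deactivated.</p>
<a href="https://ssoportal.ccisd.net/reset">Reset your CCISD password</a>
<a href="https://ccisd.net.example-login.com/verify">https://ccisd.net/verify</a>
<a href="http://198.51.100.23/office365">Activate Office365</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only if the URL's host is exactly the trusted domain or ends in '.' + it.
    'ccisd.net.example-login.com' is NOT trusted: what matters is the suffix."""
    host = (urlparse(url).hostname or "").lower()
    return host == trusted or host.endswith("." + trusted)


def classify_link(href, text):
    """'trusted', 'mismatch' (text shows a trusted URL but href goes elsewhere) or 'untrusted'."""
    if host_is_trusted(href):
        return "trusted"
    if text.startswith(("http://", "https://")) and host_is_trusted(text):
        return "mismatch"
    return "untrusted"


def audit_links(html):
    """Return [(href, visible_text, verdict), ...] for every link in the HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, classify_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, verdict in audit_links(SAMPLE_EMAIL_HTML):
        print(f"{verdict:9s} {text!r} -> {href}")
```

The suffix test is the whole point: a host must end in ".ccisd.net", not merely contain "ccisd.net", which is exactly the look-alike trick the slide's screenshot illustrates.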
Safe Email Practices: How to Identify and Avoid Phishing/Scam Email
• When in doubt, don’t click; ask for help from the Technology Help Desk @ ext. 44357 or call the sender if you know him/her.
• Never provide your username, password, DOB, SSN, IP address, or personal banking info from a request in an email.
• Look for misspellings, bad grammar, vague information, and/or unfamiliar email addresses.
• Use common sense and logic; if it looks too good to be true, it probably is.
• Think before you click; don’t be too hasty to reply to or open a suspicious email, attachment, or embedded web link.
• Beware of requests for money or information.
• Beware of a sense of URGENCY.
Most Common Passwords (If your password is on this list, or a variation from this list, then change it!)
123456, 12345, 111111, 123123, 123321, 555555, 654321, 666666, 1234567, 7777777, 12345678, 123456789, 987654321, 1234567890, 123qwe, 1q2w3e, 1q2w3e4r, 1q2w3e4r5t, abc123, admin, dragon, zxcvbnm, asdf;lkj, football, freedom, google, hello, iloveyou, letmein, login, master, monkey, mynoob, passw0rd, P@$$w0rd, qazwsx, qwerty, qwertyuiop, starwars, trustno1, welcome, whatever, idontcare, astros, rockets, longhorns, pooraggies, patriots, spurs, cowboys, texans
Also on the list: personal details such as your birthdate, last name, school mascot, or a movie reference.
Most common variations include special characters (! = 1, $ = S, @ = a, 0 = O) and adding a number or letter to the end.
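The variation rule above, as a check you can run against a candidate password. This is an added example, not from the CCISD deck: it folds the substitutions the slide names (! and 1 standing in for i/l, $ for s, @ for a, 0 for o) back to plain letters on both the candidate and the list, then strips up to a few trailing characters to catch "a number or letter added to the end". The word list is a constructed subset of the slide's list, not a complete breach list; treating !, 1 and l as one character class is an assumption made to catch the common swaps, and the function names are hypothetical.

```python
"""Added example (not from the CCISD deck): detect passwords that are only a
variation of a common password (character substitutions plus a short suffix)."""

# Constructed subset of the deck's list; load a full list in a real deployment.
COMMON_PASSWORDS = [
    "123456", "password", "qwerty", "letmein", "football", "welcome",
    "dragon", "iloveyou", "monkey", "starwars", "trustno1", "astros",
    "longhorns", "cowboys", "P@$$w0rd", "passw0rd",
]

# Substitutions the slide calls out, folded to one plain letter each.
# Assumption: '!', '1' and 'l' are folded to the same class as 'i'.
_FOLD = str.maketrans({"!": "i", "1": "i", "l": "i", "$": "s", "@": "a", "0": "o"})


def canonicalize(password):
    """Lower-case and fold substitutions so 'P@$$w0rd' and 'password' compare equal."""
    return password.lower().translate(_FOLD)


def build_canonical_map(wordlist=COMMON_PASSWORDS):
    """Map folded form -> first spelling listed, so variants collapse onto one base word."""
    canon = {}
    for word in wordlist:
        canon.setdefault(canonicalize(word), word)
    return canon


def find_common_base(password, wordlist=COMMON_PASSWORDS, max_suffix=4, min_len=4):
    """Return the list word the password is a variation of, or None.

    Tries the folded password as-is, then with 1..max_suffix trailing characters
    removed ('Astros2018' -> 'astros'). Stops once the remainder is too short to be
    a meaningful match."""
    canon = build_canonical_map(wordlist)
    folded = canonicalize(password)
    for cut in range(max_suffix + 1):
        base = folded[: len(folded) - cut]
        if len(base) < min_len:
            break
        if base in canon:
            return canon[base]
    return None


def is_common_variation(password, **kwargs):
    """Convenience wrapper: True if the password should be rejected under the slide's rule."""
    return find_common_base(password, **kwargs) is not None


if __name__ == "__main__":
    for candidate in ["P@$$w0rd!", "Astros2018", "trustno!", "correct-horse-battery"]:
        print(f"{candidate!r:24s} -> {find_common_base(candidate)}")
```

Folding both sides the same way is what makes the comparison cheap: the list is folded once, and each candidate is folded once, so no per-word substitution loop is needed.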
Disassociate personal communication from your CCISD email.
Do NOT send any of the following to or from your CCISD mailbox:
• Banking information
• Credit card statements
• Bills
• Personal business
Otherwise you risk:
• Co-mingling of threats
• Public Information Requests
Social Media
• FBI recommends disabling LinkedIn
• It is easy to do a search by position, entity, or keyword (HR, finance, project, chief, analyst, assistant), then send a phishing email to see who will respond
• If someone responds to something benign, then the attacker can craft a targeted/spear phishing email and impersonate you or someone you know
• Otherwise, they have to know you and look for you
• Profiles give away enough information to answer the background questions used to gain access to your CREDIT
Lock down what you can
CCISD will never send you an email telling you your account will expire or be terminated, or send you a link to set up your Outlook account.
CCISD will never send you an email telling you your account will be deactivated, or send you a link to activate your Office365 account.
In this email, even the link looked like Office365, but it was a virus.
CCISD will never send you an email asking you to verify or check your Skyward account (or any other account).
In this email, even the link looked like Skyward, but it was a virus.
The following emails are legitimate emails from CCISD. Notice they all have the CCISD star or logo, and the emails were sent to CCISD-Info.
There are no links to select to activate/deactivate or verify an account.
Phone Calls from “Microsoft” or “Windows” Tech Support
• If you receive a phone call from someone who claims to be from Microsoft/Windows Tech Support, hang up the phone.
• Microsoft is a billion-dollar company; they do not call individual users.
• Do not ever give out your IP address or any personal information to people over the phone or via the internet unless you know who they are and you initiated the conversation.
Email/Network Security Best Practices
• Don’t open email attachments that are unexpected or from someone not known – when in doubt, call the sender.
• Be aware of executable files embedded in email attachments. This is a common way for hackers to send malicious code (virus, malware, ransomware) to your PC/network.
• Be careful with embedded web links in emails. A common trick used by hackers is to redirect to malicious web sites used to gather your personal information.
• No system is 100% effective at stopping malicious emails from getting past safeguards.
• Never give personally identifying information, including IP address or passwords, via email or over the phone. (You may be required to change passwords in known CCISD accounts.)
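The attachment warning in the list above, turned into a check. This is an added example, not from the CCISD deck: it builds a constructed MIME message with Python's standard library, then flags each attachment by its file name, including the double-extension trick (a file named like a PDF that really ends in .exe). The extension list, the sample file names and the function names are assumptions for illustration, not CCISD policy.

```python
"""Added example (not from the CCISD deck): flag email attachments whose file
names indicate executable or script content, including double extensions."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable/script content (assumption; extend for your environment).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "bat", "cmd", "pif", "js", "jse", "vbs", "vbe",
    "wsf", "hta", "msi", "ps1", "jar",
}


def build_sample_message():
    """Constructed sample: a benign PDF, a disguised executable, and a script file."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.com"
    msg["To"] = "staff@ccisd.net"
    msg["Subject"] = "Direct deposit confirmation"
    msg.set_content("Please review the attached confirmation.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf",
                       filename="confirmation.pdf")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="confirmation.pdf.exe")
    msg.add_attachment(b"WScript.Echo 1", maintype="application", subtype="octet-stream",
                       filename="update.vbs")
    return msg.as_bytes()


def attachment_risk(filename):
    """Return (risk, reason) for a file name, judged by its FINAL extension.

    The final extension is what the operating system acts on, so 'confirmation.pdf.exe'
    is an executable no matter what the middle part says."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return ("review", "no extension")
    ext = parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        if len(parts) > 2:
            return ("block", f"double extension hides executable: .{parts[-2]}.{ext}")
        return ("block", f"executable extension .{ext}")
    return ("allow", f".{ext}")


def audit_attachments(raw_bytes):
    """Parse a raw RFC 5322 message and return [(filename, content_type, risk, reason), ...]."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        risk, reason = attachment_risk(fname)
        results.append((fname, part.get_content_type(), risk, reason))
    return results


if __name__ == "__main__":
    for fname, ctype, risk, reason in audit_attachments(build_sample_message()):
        print(f"{risk:6s} {fname:24s} {ctype:26s} {reason}")
```

Note that the declared content type is not used for the verdict: the sender controls it, so a file name check on the final extension is the more reliable signal of the two.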
Don’t be a victim. When in doubt, call the sender/requestor before you click or send!
Beware of urgency: Scammers are likely to send requests conveying a great sense of urgency, hoping that an unsuspecting employee will send now and think later.
The scammers will make the employee believe they will be reprimanded by a high-level administrator if they do not act on the request immediately.
Think Your Email/Network Security Has Been Compromised? Now What?
• Reset your CCISD password
  • From the @Work link, select the Single Sign-On Portal/Password Reset Tool (https://ssoportal.ccisd.net), and select Forgot Password OR “Click here to reset your CCISD password.”
• Call the CCISD Technology Helpdesk 4-HELP (4-4357)
• Send suspicious emails to [email protected]
Select @Work