Frequently Asked Question

How do I avoid being phished or scammed by e-mail?
Last Updated a year ago

Introduction

E-mail is a common vector for people trying to take advantage of you.  These best practices will help you protect yourself against being phished or scammed.

Step 1: Look for signs that the e-mail might not be legitimate.

Carefully check the sender's name and e-mail address.  If it doesn't line up with what you'd expect, this is often a dead giveaway that the e-mail is not legitimate.

Does the sender's name correspond with the sender's e-mail address?

Does the e-mail have spelling, grammatical, or punctuation errors?  Note that intentional errors in an e-mail address can make it look like an official one.  Be wary of similar-looking characters, e.g. I, l, 1 (capital I, lowercase L, number 1).

Pay close attention to the sender's address.  It is easy to fake a name in an e-mail, but it's much harder to fake an e-mail address without getting caught by spam filters.  If your e-mail client doesn't display the full sender's address by default, seek this information out.

Avoid clicking links in e-mails if at all possible.  If you must click a link, ensure it is directing you to the right place, particularly the domain.

Step 2: Think critically about the e-mail.

Is this the first time this person has e-mailed you?

Are you being asked to do something out of the ordinary?

Are you being asked to interact outside of e-mail?  For example:

  • to click on a link
  • to log in to a website
  • to update your password
  • to download and/or open an attachment
  • to make a phone call
  • to send a text message

Are you being asked to provide sensitive information?  This can be either personally sensitive information, or sensitive information to the district?

Are you being asked to do something with money or money-equivalents, such as gift cards?

If you answered yes to any of these questions, it may be an attempt to manipulate you.  Act with care, especially if you're asked to work outside of e-mail, as this can be fraught with hidden dangers.

Step 3: Verify.

If you're unsure if an e-mail is suspicious, independently verify with the sender.  This is similar to how you should never give sensitive information on an inbound telephone call; you can never be sure of an inbound call's origin.

Do not trust the contact information provided by the sender; look up the contact information independently.  Often the simplest solution is to call them.

If you must deal through e-mail only, independently verify the sender's e-mail address, and send them a new e-mail message asking for confirmation.

Step 4: Take action.

If you determine an e-mail is illegitimate, make use of the junk e-mail tools to prevent it from being a problem for you and others in the district.  

In Outlook for Mac, select the e-mail in the message list, then select Message > Report Junk > Phishing.

In Outlook Online, select the message in the message list, then select Report > Report Phishing.

Uh oh!  I was duped!  What should I do?

You should advise the tech department through a ticket.  Please provide as much detail as possible, so we can help determine the extent of the compromise.

Depending on the nature of the compromise, you may need to notify others as well.


2023 update:

With the advent of AI technology many phishing scams now have much improved grammar.  There are also cases of voices being imitated by AI to resemble colleagues or loved ones.  Be wary of any request for financial transfers - particularly using unusual means like Western Union or Gift Cards.

Please Wait!

Please wait... it will take a second!