skip to main content

Phishing

GOPHISH EMAIL TRAINING

 

WHAT IS GOPHISH?

Employees receive fake phishing emails.  The hope is that nobody will click the links in the email.  If the link in the email is clicked, employees will be redirected to a webpage highlighting the clues that they missed in the email that suggests this was a phishing email.  
 

THERE IS NO IDENTIFICATION OF WHO CLICKS ON THE LINKS AND NO PENALTY FOR CLICKING ON THE LINKS (IF YOU CLICK THE LINK, YOU WILL BE THE ONLY PERSON THAT KNOWS IT).  

 
TIS is collecting data on the number of times the landing page is accessed so we can measure our progress as a district.  Our goal is to help educate employees so they do not fall victim to actual phishing emails when they come through.
 
  • Phishing - the fraudulent practice of sending emails purporting to be from reputable companies/people in order to induce individuals to reveal personal information, passwords, usernames, etc.
  • Ransomware - a type of malicious software designed to block access to a computer system until a sum of money is paid.
 
In combination with network precautions, this will further protect the network and data from outside parties who try to capture, hold ransom, or sell data.  If outside parties gain access to district data, then student, parent, and employee data can be compromised, sold, and used for personal gain.
Some of these are easy to spot and others are not.  These emails will start off easy, obvious, and almost hilarious, oddly they are patterned after actual phishing emails.  Our goal is that, over time, employees will be able to recognize these and NOT click the links.
 

WHY DO GOPHISH?

The online presence of employees continues to grow.  Increased data and communication online has lead to an increase in cyber threats.  
  • 82% of cyber threats are attempts to get money or gain access to critical network resources through email.
  • 92% of identity theft and financial fraud result from email spoofing or phishing.
  • 72% of publicly exposed personally identifiable information is due to unintentional or insecure digital behavior.
  • If usernames and passwords are compromised, data can be stolen or encrypted through something called ransomware (requiring payment of a ransom to release critical data).  
  • The average ransom for encrypted data was $36,000 per incident as of July 2019.
  • Four southern California districts had complete network shutdowns during the fall of 2019 due to ransomware attacks.  
  • Ransomware shutdowns disable email, phones, internal services, and the internet for up to one month.  In Louisiana, school was delayed for three weeks due to a state of emergency as the three largest districts were victims of ransomware.  
 

NOT SURE IF AN EMAIL IS A PHISHING EMAIL? THEN STOP, THINK BEFORE YOU CONNECT!

Phising Tips
Phising
TIS has tested this excellent, fun little quiz to see how good we do at spotting phishing.  It presents  8 examples of possibly phishing emails and has you figure out if they are real or not. Then, right or wrong, it will explain why it is what it is.  We encourage you to take the quiz!