We received word today from our counterparts at TEA of a recent increase in ransomware attacks on K-12 schools and higher education. The most common attack vector has been through phishing emails. In previous incidents, cyber actors exfiltrated employment records that contained personally identifiable information (PII), payroll tax information, and other data that could be used to extort victims to pay a ransom.
Tips to avoid becoming a victim of email phishing:
Be wary of any message containing the “External Email” warning banner – especially those claiming to come from co-workers. Email from anyone within Midway ISD will not have the external banner.
Do not open unknown file attachments. If you are unsure of an attachment, contact the sender via phone and verify the email is valid before opening it.
Hover your mouse cursor over links in email to see the destination address. If it is different from the URL in the message, it is probably a phishing email. Look out for variations such as .com and .net, and for character substitutions, like a “1” in place of an “l”.
Be suspicious of messages that contain threats, request urgent action or create fear. Hackers use these emotions against us in hopes we will forget our training and make irrational decisions.
If you receiving a phishing email, please forward it to firstname.lastname@example.org and delete the message.
Thank you for your help. Our best defense against these sort of attacks is our well-trained users.