Tag Archives: spoofing

How to detect fake (“spoofed”) emails

Many people have recently reported receiving fraudulent messages that appear to be coming from John Bacon or other administrators, so I’m repeating an earlier warning that we sent out. Short version: if you receive an email from a colleague asking for any kind of personal information (or asking if you’re free, or asking for your phone number – those are common messages used by scammers), please check to make sure that their email address ends in @iowacityschools.org.

Email spoofing is a type of forgery that makes the email look like it’s from a boss or colleague in need. They will often send a short, vague and sometimes desperate email in attempt to get you to reply to the message. Recently, school districts (including ours) have been hit hard with these attempts.

You can generally tell that these are fake emails by looking at the email address the message is being sent from.  For example, the account doe.john@iowacityschools.org would be someone from the district and should be safe to reply to. However, an email from johndoe12@gmail.com, principaljohndoe@yahoo.com, or even doe.john.iowacityschools.org@gmail.com are fake and potentially malicious. These are only examples and this is not an exhaustive list.

Here are few email best practices put together by the Help Desk.

Do not send confidential or sensitive information via email.
Do not send money or gift cards via email.
Always verify the sender’s address.
Keep an eye out for a yellow or red warning across the top of an email.

As always, if you have questions or suspect a spoofed email, contact the Help Desk.

EMAIL SPOOFING ON THE RISE

Good Afternoon,

I’m sure by now you are all familiar with and have experienced email phishing, but today I’m reaching out to discuss another very popular tactic called email spoofing.

Email spoofing is a type of forgery that makes the email look like it’s from a boss or colleague in need. They will often send a short, vague and sometimes desperate email in attempt to get you to reply to the message. Recently, school districts (including ours) have been hit hard with these attempts. Just in the last week we’ve seen five building administrator’s accounts spoofed.

You can generally tell that these are fake emails by looking at the email address the message is being sent from.  For example, the account doe.john@iowacityschools.org would be someone from the district and should be safe to reply to. However, an email from johndoe12@gmail.comprincipaljohndoe@yahoo.com, or even doe.john.iowacityschools.org@gmail.com are fake and potentially malicious. These are only examples and this is not an exhaustive list.

Here are few email best practices put together by the Help Desk.

  • Do not send confidential or sensitive information via email.
  • Do not send money or gift cards via email.
  • Always verify the sender’s address.
  • Keep an eye out for a yellow or red warning across the top of an email.


As always, if you have questions or suspect a spoofed email, contact the Help Desk.


Thanks,

Josh Reynolds
Client Services Manager