Over winter break, we noticed a spike in email phishing reports, particularly those involving messages that claim to be sent from a district employee. A phishing message is an email that is designed to trick the recipient into providing personal or account information. Remember to never share key personal information, including your account usernames and passwords, social security number, financial information, or other sensitive personal data via email.
While our staff have worked during winter break to mitigate these issues from an email security standpoint, the rollout of those measures will take some time as we work to strike a balance between a higher rate of rejected messages and ensuring that legitimate messages are delivered appropriately. While our multi-factor authentication requirement protects district staff accounts, personal information shared with an attacker can be used to gain access to non-ICCSD accounts or for other purposes.
In the meantime, be on the lookout for this suspicious message flag at the top of emails that may be impersonating district employees:
If you see this message, please follow the directions shown, including verifying that the message is legitimate with the employee or department who sent you the message. Verification can be done via phone, email, or in person, but if verifying by email, send a message directly to the person whose name is on the suspicious message, rather than replying to the suspicious message. Sender names and addresses can be faked/spoofed, so you cannot rely on the listed sender being somebody that you know.
We’ll continue to work to improve our methods for blocking phishing messages before they get to your inbox. For more information, please check out the FTC’s guide to recognizing and avoiding phishing scams.