Phishing emails are becoming an increasingly popular way for scammers to reach you. The goals of phishing scams vary widely and include hacking a system, stealing personal information, or convincing you to send money. Phishing emails are something to be aware of! To familiarize yourself with the concept, read how one student taught our staff how easy it is for phishing scammers to reach us.
Maharishi School and Phishing Emails
One of our students, Shristi, taught our staff how easy it is to mistake a phishing scam for a real email coming from a real person. Shristi demonstrated this by sending a series of phishing emails to our staff and other businesses within our community. Many of our staff fell into the trap. Shristi then explained the emails to our staff. Here is what she had to say:
Recently, you received two emails titled “Additional Benefits!” and “URGENT: Employee Contract Update” that seemed to be coming from Celeste Siemsen, but were in fact coming from me, Shristi. I am a 9th grader at Maharishi School and was sending these emails out to you as part of a science fair experiment. If you opened these emails, and clicked on the link, you saw an alert pop up that said that the emails you received were fake and were part of a phishing campaign for a science experiment. Had those emails been a part of a real attack, your information could have been used to compromise Maharishi School. I would like to thank you all for your cooperation and participation in this experiment and would also like to share some information with you to raise awareness about phishing.
What is Phishing?
Phishing is a type of social engineering attack which utilizes email as a way to obtain login credentials, gather information, or send malware to a user’s computer. These messages often entice targets to click a link to visit a malicious website or download a malicious file through a variety of ways including:
Appearing to come from a legitimate email address (These emails looked like they were coming from Celeste Siemsen)
Playing on emotions causing the target to act irrationally (showing a sense of urgency, or luring you with a promise of benefits)
Legitimate-looking websites and/or emails (The website looked like a Google login page)
How many Maharishi School Employees Took the Bait?
71% of employees opened the additional benefits email and clicked on the link while 19% opened the contract update email and clicked the link.
Maharishi School is not alone. Every single day, 80,000 people take the bait! That is why 76% of the world’s companies and organizations reported falling victim to a phishing attack last year.
Why Should I Care?
Believe it or not, you are a target both at work and at home. You and your devices are critical entry points into any organization, and being able to identify and react to phishing emails appropriately will stop these attacks dead in the water. If you feel that you have received a phishing email, it is never a bad idea to confirm that the email came from the right source by contacting the person through another means of communication (calling, texting, etc.). If you receive a phishing email on your school account, contact Ms. Celeste or another administrator immediately and follow the appropriate policies and procedures.
Check the email address. If the sender is from an unusual domain it’s probably a phish.
Be suspicious of emails with generic salutations. They could be an indicator that a seemingly personal email went to a lot of people.
Be suspicious of emails which ask for an immediate action to be taken. That means that an attacker is expecting you to take action without thinking.
Be careful with links. Hover over the link first and check that the destination matches the link.
Don’t open attachments unless you’re expecting one from that specific person or you’ve verified the attachment is safe via some other means besides email.
Be mindful of emails containing offers that are ‘too good to be true’. More often than not, they are.
Red Flags in the Emails you Received
Shristi got the following awards for her project “Phishing: Don’t Take the Bait, Protect Your Sensitive Information” in the Senior high-school category.
State Science and Technology Fair, 2018
1) Intel International Science and Engineering Fair Trip Award, Student Observer
2) 1st Place in Computer Science category
3) Intel Excellence in Computer Science and $200 cash award
She also received the following awards at the Eastern Iowa Science and Engineering Fair:
1) EISEF: Honorable Mention, Senior
2) Inspiring Excellence: Alan B. Adams Meritorious Achievement