Wednesday, January 30, 2019

See Something Phishy?

What is phishing

Phishing is a type of social engineering that is designed to trick the recipient into clicking on a malicious attachment or visiting a malicious website. Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account.

Phishing emails or sites might ask for:
  • Usernames and passwords, including password changes
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Your mother’s maiden name
  • Your birthday

AAPS phishing

We have been seeing a multitude of phishing attempts here at AAPS. The latest is someone sending emails that look like they are from building principals. They use the username of the principal, but the message comes from the wrong domain: username.a2schools@gmail.com. All AAPS emails will come from either @aaps.k12.mi.us or @a2schools.org, not @gmail.com. Below is a screenshot of an email forwarded to me this morning. The email seems innocent enough to start, but they eventually ask for money or iTunes gift cards if you respond.


Avoid phishing attacks

Be careful anytime you get an email from a site asking for personal information. If you get this type of email:
  1. Don’t click any links or provide personal information until you've confirmed the email is real.
  2. Report the email to Google:
    1. Open the message in a browser.
    2. Next to Reply, click the 3 dots for More.
    3. Click Report phishing.

When you get an email that looks suspicious, here are a few things to check for:
  • Check that the email address and the sender name match.
  • Check if the email is authenticated.
  • Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
  • Check the message headers to make sure the "from" header isn't showing an incorrect name.
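
The sender checks above can be automated over a message's raw headers. The following is an added example, not part of the original post: it uses Python's standard `email` module, the two AAPS domains named earlier, and constructed sample messages (`check_sender`, `PHISH` and `GENUINE` are names made up for this sketch).

```python
from email import message_from_string
from email.utils import parseaddr

# The two domains the post says all AAPS mail comes from.
AAPS_DOMAINS = ("aaps.k12.mi.us", "a2schools.org")

def check_sender(raw: str) -> list[str]:
    """Return warnings for one raw message (headers and body as text)."""
    msg = message_from_string(raw)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")

    if domain not in AAPS_DOMAINS:
        warnings.append(f"sender domain '{domain}' is not an AAPS domain")
        # District name moved in front of the @, as in
        # username.a2schools@gmail.com.
        for d in AAPS_DOMAINS:
            label = d.split(".")[0]
            if label in local:
                warnings.append(f"'{label}' appears before the @, not after it")

    # Sender name that displays one address while the real one differs.
    if "@" in name and addr.lower() not in name.lower():
        warnings.append("sender name shows a different address than the real one")

    # Authentication-Results is written by the receiving mail server; only
    # trust the copy your own provider added. A pass proves which domain
    # sent the mail, not that it is the right domain.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        warnings.append("message is not authenticated (no SPF or DKIM pass)")
    return warnings

# Constructed sample messages (not real mail).
PHISH = (
    "From: Building Principal <username.a2schools@gmail.com>\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass\n"
    "Subject: Are you available?\n\nI need a quick favor.\n"
)
GENUINE = (
    "From: Building Principal <username@a2schools.org>\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass\n"
    "Subject: Staff meeting\n\nSee you at 3.\n"
)

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(label, check_sender(raw))
```

The constructed phishing message passes authentication because it really was sent from gmail.com, so the domain check is what catches it.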

Phishing Quiz

Think you won’t fall for a phishing email? Take this quiz that Google has put out. It is surprisingly hard. Good luck!

Source: