Something Phishy is Going On
Parker Experience with Phishing Email Scare
On March 27, all non-student “@fwparker.org” accounts received an email stating that their password had been changed. 317 of the 442 users who received the email opened it to find a replica of a google announcement suggesting that the user, to “recover [their] account,” follow a “click here” link.
According to Technology Director Peter Evans, who sent the mock phishing email to gauge the school’s habits and further educate the community about safe internet use, there isn’t any issue in opening an email like this. The issues start when users press the “here” link. 115 individuals clicked this link and were guided to a page that asks for the users first name, last name, and email address. Over the course of two days, a total of 34 individuals entered their personal data.
Phishing emails are sent by internet hackers disguising themselves as trustworthy in order to acquire personal information from users. Often times these emails look to trick users into entering passwords or sending money. Though phishing emails have been around since the 1980’s, they are a much larger threat due to the advancement of technologies. According to The Barkly Endpoint Protection Platform, within the first four months of 2017, it was reported that W-2 phishing emails increased by 870%.
Sophomore Oliver Marks got a facebook message from his camp counselor that said, “Oliver Marks??” and that attached a link below. He clicked on the link, and it forwarded him to a page, where he entered his facebook password to “watch a video.” His account was then hacked causing his account to send out that same message to all of his facebook friends. “It was embarrassing,” Marks said. “I felt humiliated.”
“As soon as I got this email on the CTC and MX emails,” junior, and Computer Technology Committee (CTC) head Nathan Satterfield said, “I forwarded it to the Tech Department,” In the hours following the seeming phishing attack at Parker, faculty, staff, and students stopped by the Tech Office with intention to receive guidance and voice concern about the suspicious email. They were informed that this email was sent out by the Tech Department as a test to the school– but to keep it a secret in order to enable the better collection of valid date.
“Nobody knew this was coming,” Evans said. “There weren’t a lot who entered data, so I was happy.” In recent months, cyber hackers have targeted schools with their phishing emails. Schools appeal to hackers because when someone with a school email enters data, the whole school can be accessed.
“When doing this, we were looking at the whole world of cyber security,” Evans said. “I was trying to start a conversation about being more secure in a variety of ways.”
In the future, the tech office is implementing “renewed policies surrounding account password creation, Two-Factor Authentication for school accounts, mobile device and laptop management, and the access to and storage of confidential community data.”