Phishing is a cybercrime in which one or more targets are contacted by email, telephone or text message by someone posing as an authorized person or legitimate institution, in order to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details, passwords, etc.
Here is a video walk-through of how phishing works.
The information can be used to access important accounts and can result in identity theft and financial loss. Sometimes the attackers will pose as a boss or other executive and request fund transfers, changes to bank routing information, or gift card purchases.
The one thing you have to remember if you get one of these emails is DO NOT REPLY. All that does is verify your email as valid and gives them an opportunity to socially engineer your response. These people are good at what they do and they make a lot of money, which is why they keep doing it.
We are continually bombarded with phishing attempts and need to take measures to keep staff from being victimized in the near future. Review the “phishing conversation” attachment to read the dialogue between one of our teachers and a bad actor (who pretended to be a principal). And before you think, “It can never happen to me,” it can.
So again, NEVER engage in any financial transfers of ANY kind via email. We now have a VCS policy that NO transfers of money, gift cards, etc. are authorized WITHOUT FIRST VERIFYING the request directly with the administrator in person. VCS will not be liable for any personal losses that may result from failure to follow these procedures.
Examples of requests that MUST NEVER be acted upon without prior in-person or phone call verification:
- Requesting money via wire transfer
- Requests for gift cards
- Check requests without proper documentation
- Changes to personal bank accounts or routing
- Requests for any sensitive or confidential information (usernames/passwords, SSNs, medical records, grades/academic records, IEPs, etc.)
- Bitcoin wallet requests
If you are uncertain about the validity of a particular email, here are your options:
- Delete it (email is NOT the method of choice in communicating matters of great importance) or
- Feel free to report the email as phishing. When in doubt, report it!
- Take a moment to examine the sender address. Does it come from an actual known domain such as VCS.NET? Do the links look valid?
- Is the message consistent with past behaviors and with school policies?
- Before taking any action, especially when money is involved, pick up the phone and verify the information.
Although it’s a serious problem (91% of all scams are phishing scams and 95% are CEO scams where hackers pretend to be your boss), there IS an easy way to fight back. DO NOT RESPOND via email. If you receive an email that appears to be from your administrator, pick up the phone and call to verify BEFORE taking any other action. Administrators know not to ask for financial transactions via email.
We are working diligently to combat this growing problem but our efforts are only as effective as your willingness and desire to follow procedures.