Overview
What is phishing?
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.
Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
Reporting for shakopee.k12.mn.us Accounts
Info
Using the Phish Report tool outlined below ensures both District Technology and Microsoft teams receive email in a format that can be actioned upon. Forwarding emails to Helpdesk strip/block much of this needed info.
The district utilizes Office 365 spam filtering tools.
Tools include:
- User submission of junk and spam (see steps below)
- Daily email of quarantined emails (potential harmful messages)
-
Phish Report
-
Clicking this button when in a suspected phish email sends it to Technology for review.
- This process is different then just forwarding as ensure entire mail message is sent.
- Supported across multiple platforms:
-
Clicking this button when in a suspected phish email sends it to Technology for review.
| Outlook for Mac | Outlook for Windows |
|
Icon on message ribbon
|
Icon on message ribbon
|
| Outlook for Mobile | Outlook for Web |
|
Under message options (usually the three dots to view more options)
|
Message actions  |
Open suspicious email to report from Inbox
Click Phish Report from ribbon bar
Successful submission will return below message:
Info
If email is part of a Infosec security campaign you will receive below message:
Reporting for shakopeeschools.org Accounts
The district utilizes G Suite for Education spam filtering tools. Currently this does not allow for users to manage their own approved or blocked list for senders.
However, the technology department manages this at the domain level using following process outlined by Google support - https://support.google.com/a/answer/2368132?hl=en
To block email addresses at user level use Google support link:
Tips and Avoidance
We continue to do occasional "phishing practice" events in order to give everyone "live" practice with identifying and avoiding scam, phishing, or otherwise malicious e-mails.
This is a necessary form of practice and training. It is the digital equivalent of a "stranger danger" lesson, and an unfortunate reflection of the reality that is now commonplace for school districts to experience data breaches due to exactly this type of attack.
This article includes some examples of things to watch for and some training materials. Usually, if it looks like a scam or seems out of character (ie., your building Principal probably isn't going to send you an urgent e-mail asking for cash) then the delete button is your safest option.
District Phishing Campaigns
Here are the results of our phishing practice campaigns for approximately the past two years.
Individual Campaign Results
- Launch of Phishing Alert Report
Spotting a Phishing Attempt
Here are some tip sheets for spotting a phishing (attempt to gain access or information) or spoofed (impersonating someone as part of a phishing attempt) e-mail. You'll see some common themes; most suggestions boil down to being observant and trusting your intuition if a message seems out of character or unexpected.
Click to open the PDF file.
Learn to Spot the Scam
- Learn about scams
- Three (3) key points on how to spot
- Report Scam to the FDC
Sample Phishing E-mail
Sample e-mail from our phishing practice noting some red flag items, such as being aware of sender, whether links seem to go where they say, and establishing a sense of urgency in the example below.
When it comes to phishing attempts, we cannot stress this enough - if your instinct says something is off even if there are no obvious red flags, it's always best to pick up the phone to check with someone directly or forward the message to the help desk to have it reviewed.
Training
District runs training campaigns against staff at various levels and difficulties throughout the year. Campaigns consist of: regular phishing exercises, education training and activity monitoring.
To access available training login to Infosec via Infosec app 
located in Self Service folder 
in ClassLink LaunchPad (more details on LaunchPad can be found here: https://techtools.shakopeeschools.org/security/classlink-launchpad.