On Valentine’s Day everyone with a Milton Area School District email discovered a “Secret Admirer” in their inbox.
According to District Network Administrator Duane Gemberling, the district created a phishing email to test responses. A real phishing email “fishes” for information by enticing users to click on a link in the email, he explained. Those links can place malware to collect information from the device and spread it to any other devices on the same network, he added.
Malware is malicious software created to destroy device systems created by cybercriminals or hackers that can be found in the form of websites or links, said Mr. Gemberling.
Many students may believe the school email filters will protect them, but hackers are running tests to break those filters every day, said Mr. Gemberling. He added it is important to be aware of potential threats and the harm they can cause. “The filters do catch a lot of junk, but there are still some that skip through. So, we have to be aware of it,” said Mr. Gemberling.
According to Mr. Gemberling, about 10 years ago a staff member clicked on a phishing email that spread throughout the district email boxes. He said it began encrypting the network, which meant school district information was being compromised. This information could potentially be sold to other parties and could include personal data such as bank information and social security numbers, he added.
“A worst-case scenario would be if several users were to click the links in a phishing scenario and get the virus installed on several computers,” said Mr. Gemberling. “This would have the potential to bring down our network and systems.”
The technology department has sent out three phishing emails to staff since January, added Mr. Gemberling.
According to Mr. Gemberling, the Feb. 14 email was sent to 672 students, which 27.68 percent of users clicked on the email. Only0 .74 percent reported the email, which means only five people, he said. Of the 253 students who opened the email, 100 deleted it, and two people replied to it, he added.
Junior Madeline Watkins said she recalled the Valentine email. “I recognized it was fake but I still… (clicked on it) because I recognized it as a school email,” she said, adding that she did not respond to it beyond that.
Mr. Gemberling said he hopes to gain more awareness for these emails and educate students on the importance of recognizing them. “I hope they learn to be safe, not only with the school equipment, but (also with) personal equipment. If they have credit card information on their device, scammers can have their credit card information and charge things to their account,” he explained.
Mr. Gemberling added he is sure the district technology staff will send out more “phishing” emails in the future. “You need to do everything you can to be safe and learn what to look for,” he said.
Mr. Gemberling shared a strategy to avoid falling for phishing emails: “If you hover (over) the email, down in the bottom corner, it shows you where the link is going. If it is going somewhere you don’t understand, I wouldn’t click on it.”
