HPS Phishing Tests 1

Hopedale Email Security

As you may have seen on the news, malicious activities such as ransomware are becoming extremely common in cities, governments, and schools. A case of ransomware in our district could shut down every computer in the district for weeks or even months, depending on the severity. In addition to ransomware, malicious users are constantly attempting “phishing” scams to gain account information or personnel information to sell or use. We have several layers of protection at our district to prevent both ransomware and phishing scams; however, they are both still possible, and unfortunately the easiest way for them to become a real threat is through staff.

Over the past two days several fake emails were sent to 100 random recipients at the district. These fake emails were designed to fool you into clicking a link, entering your credentials into a fake login, or downloading a malicious attachment.

These emails were a TEST to see how our staff reacted to said emails in an effort to understand what we need to do to protect our district’s devices, network and personnel data.

  • Out of 100 random users, 81 users opened at least one of the fake emails.
  • Out of the 81 users that opened a fake email, 28 users either clicked a link, entered their account credentials to a fake website, or downloaded a fake malicious attachment.
  • 13 users reported the emails to me, even after clicking, entering their credentials, or downloading an attachment.
  • It only takes ONE user downloading ransomware to infect the entire district.
  • It only takes ONE user providing credentials for a malicious user to get all names, emails, a copy of all sent and received mail, all drive documents, etc. from that account which could contain sensitive student data.

Please see below for an infographic on what to do with suspicious emails. An example of a fake email vs. a real email is also below.

HPS Phishing Tests 2

Remember...

  • Check the sender's email address.
  • Hover over a link to see where it leads before clicking.
  • Don't click any links, download any attachments, or reply to any emails that you think may be suspicious!
  • Delete it!

Example of catching a fake email

Fake

HPS Phishing Tests 3
HPS Phishing Tests 4
HPS Phishing Tests 5

Real

HPS Phishing Tests 6
HPS Phishing Tests 7