Phishing / Spam Emails
Detection and response protocol
Product: Gmail (email)
Audience: All Staff
Overview
Learn to identify the key indicators of phishing emails, how to report them, and the difference between phishing and spam.
As a quick reference, the PAB (Phish Alert Button) is an orange fishhook icon available in Gmail either at the top of the message window or on the right sidebar. Using the PAB will send the message directly to Technology Services for review.
When in doubt, phish it out! 🎣
What is Phishing?
Phishing is a type of scam where someone tries to trick you into giving away sensitive information, like passwords or credit card numbers, by pretending to be someone you trust. It often happens through fake emails that look like they're from legitimate companies or people, but in reality, they’re from cybercriminals.
For example, you might get an email that seems to be from your bank, asking you to click on a link to "verify" your account. If you click that link, your computer could be infected with malware or the link could lead you to a fake page that asks for your information so scammers can steal it.
The key to staying safe is to be cautious about unexpected emails, especially ones asking you to provide personal info or click on unfamiliar links. Always double-check where the email is coming from before responding or clicking.
Identify Phishing Messages
Let's look for FAKE identifiers.
Feeling: There is a sense of urgency, with large red letters saying "Action Required" at the top and "Act now" at the bottom. We may feel curious about the messages "held for review".
Action: We are asked to click a link in the email to “avoid missing” important messages.
Know: We don't know this sender, and “mail-administrator” is not a familiar domain used in Corvallis School District. Furthermore, we don't know why the Microsoft logo is used in this message when Google/Gmail is our primary email system.
Expect: We were not expecting this message. Technology Services has never sent emails like this and we should report this message as potential phishing.
Check URLs
Another important tool in your phishing detection toolbox is knowing how to investigate a URL without clicking the link and visiting the potentially malicious site. The simplest method is to hover your cursor over the link (or the button, in this example): a preview of the actual URL will appear in the bottom left corner of your window.
In this example, we can see this link leads to a website that we've never heard of. This email should definitely be reported with the Phish Alert Button!
Another reason to hover over links is that the text in the email doesn't always indicate where the link will take you. In the screenshot above, the text displays a different website than the one we see when hovering over the link.
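One way to mechanize the hover check described above, as an added example that is not part of this page or of the district's tooling: a short Python script that pulls every link out of an HTML email body and flags any link whose visible text names a different host than its real destination, or whose destination is outside a hypothetical allowlist of hosts staff links are expected to point at. The sample message and the allowlist are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not a real message). The first link's visible text
# names one site while its href goes elsewhere: the mismatch hovering reveals.
SAMPLE_HTML = """
<p>Action Required: 3 messages held for review.</p>
<a href="https://mail-review.example.net/login">https://mail.google.com/</a>
<a href="https://drive.google.com/file/d/abc">Open the shared file</a>
<a href="https://accounts.google.com/">Sign in</a>
"""
# Hypothetical allowlist of hosts that links sent to staff are expected to use.
TRUSTED_HOSTS = {"mail.google.com", "drive.google.com", "accounts.google.com"}
# Visible link text that itself looks like a URL or a bare domain name.
DOMAIN_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def check_links(html, trusted=TRUSTED_HOSTS):
    """Return one finding per suspicious link; [] means nothing was flagged."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = ""
        if DOMAIN_LIKE.match(text):  # text claims a destination of its own
            shown = host_of(text if text.lower().startswith("http") else "http://" + text)
        if shown and shown != target:
            findings.append(f"text shows {shown} but link goes to {target}")
        elif target and target not in trusted:
            findings.append(f"link to unfamiliar host {target}")
    return findings
```

Running `check_links(SAMPLE_HTML)` flags only the first link, whose text reads as a Google address while the real destination is a host the district has never heard of.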
Still feeling phishy?
If you're unsure whether a message is legitimate or a link is safe, skip the click! If the email in question pertains to a specific account on a website you know you use, open a new tab and navigate to the site via a saved bookmark or another safe source (e.g. ClassLink shortcuts, the district website, etc.). And remember:
When in doubt, phish it out! 🎣
Attachment Safety
Malware is software designed for a malicious purpose, often harming the system it infects in order to steal data or extort the user. Malware comes in many forms, including email attachments. Malicious code can be embedded in PDFs, Excel or Word documents, SharePoint files, and more. Sometimes, all it takes is opening the attachment to trigger the malware. Many phishers use trusted file-sharing sites to disguise their attempts, including SharePoint, Dropbox, and Google Drive. If you were not expecting an attachment (especially if there are other phishing indicators), we advise caution. As a rule, Corvallis School District only supports Google Drive for cloud file sharing.
Some other file types that can be used for malware purposes are:
Treat attachments like links: think before you click!
Reporting Phishing Emails
In the Corvallis School District, staff can use the Phish Alert Button (PAB) in Gmail to report potential phishing messages. The PAB, represented by an orange fishhook icon, can be found in the top toolbar of an email window or on the right sidebar. By using the PAB, the message is sent directly to Technology Services for review.
Once received, Technology Services will assess the reported message and take action to protect the district’s technical resources. This may include removing the phishing email from other staff inboxes, blocking the sender, updating our email filters, and more.
If a reported message turns out to be legitimate, Technology Services will contact the original sender to notify them. This is why we encourage reporting any suspicious emails—even if you're unsure—so we can ensure the security of our systems.
When in doubt, phish it out! 🎣
Spam vs. Phishing
It's crucial to distinguish between spam and phishing emails, as they serve different purposes and require different actions:
- Spam: Spam emails are typically unsolicited messages from companies or individuals trying to sell products or services. These emails are often promotional in nature and generally harmless. While spam can clutter your inbox and be a nuisance, it is not designed to steal sensitive information or harm your computer.
- Phishing: Phishing emails, however, are malicious. They are crafted to look like legitimate communications from trusted sources, such as your bank, a colleague, or a reputable company. The intent behind phishing is to deceive you into providing sensitive information, such as your login credentials, financial information, or account details, which can then be used for identity theft, fraud, or network breaches.
Proper Reporting Matters
Accurate reporting helps keep our systems secure and allows Technology Services to focus on actual threats. When phishing emails are reported using the PAB, Technology Services can act quickly to neutralize potential risks, safeguarding sensitive data and protecting everyone in the district.
On the other hand, reporting run-of-the-mill spam as phishing can waste valuable time, as Technology Services must review harmless promotional emails instead of focusing on real security threats. Using the "Report Spam" button in Gmail for spam emails ensures that they are handled appropriately and helps Gmail filter out similar messages in the future.
If you’re ever unsure whether an email is spam or phishing, don’t hesitate to report it using the PAB. Technology Services would rather review a few extra reports than miss a potential threat. Your vigilance helps us keep the district safe. However, for obvious spam messages (like advertisements or irrelevant offers), please use the "Report Spam" button to avoid overwhelming the team with non-security-related emails.
Phishing Victims
If you have been a victim of phishing and clicked an embedded link or entered personal data, please follow our Phishing Protocol and contact your building SPOC immediately.