Fayette County Public Schools

Skip to main content
Mobile Menu
**Vision Statement: Every Student; Every Day**Mission Statement: To inspire every student to reach their full potential.**Statement of Goals: Focus on every student. Invest in our staff. Partner with our community.**.
Search | Login
Technology and Communications » FCPS Email Phishing Statement

FCPS Email Phishing Statement

The FCPS Technology Department is always trying to sure ensure that our students and employees are kept safe from daily online threats. We are constantly vigilant about having safeguards in place to make the online experience as safe as possible. We have recently seen a spike in phishing and spoofing attempts targeting teachers’ emails. This includes attempts from outside sources to lure our users into an email conversation that ends with the attacker asking the user to purchase online gift cards and send them to the attacker. This usually starts with an email sent from a fake email address which looks like it is coming from a school official. In an effort to combat this threat, we are providing some useful information to help users recognize and stop these email attacks. We hope this information is useful and will help raise awareness of email phishing scams. If you feel that you are receiving phishing emails, please do not hesitate to reach out to your Chief of School or the FCPS Technology Team at [email protected].

 

 

WHAT IS PHISHING?

Phishing is when scam artists send official-looking emails, attempting to fool you into disclosing your personal information — such as user names, passwords, banking records or account numbers, or social security numbers — by replying to the email or entering it on a phone website. Phishers can pretend to be from a legitimate bank, organization, government agency, or store, or claim to be the host of a lottery or contest.

 

HOW CAN I IDENTIFY MALICIOUS E-MAILS?

  1. Identify the Sender. Do you know this person? Were you expecting e-mail from this person or does it fit in with your job role? If not, it is probably suspicious.
  2. Reply-to. If the Reply-to address is different from the sending address, this should raise your suspicion for the whole message.
  3. Links and Attachments. If you were not expecting an attachment or a link, and you do not know the sender, do not open it! If you are not sure, check with the sender by phone (don’t use a phone number in the e-mail), otherwise report it.
  4. Grammar and Tone. Many of the malicious e-mails sent have poor grammar, punctuation and spelling. In addition, you should know how your co-workers communicate. Does this message sound like them? If not, it is probably malicious.
  5. Emotions. Be wary of any e-mails trying to cause certain emotions. The most commonly-used malicious emotions are:
  • Messages offering or promising you money by clicking a link or giving away information are usually malicious. If it seems too good to be true, it probably is.
 
  • Unusually short deadlines create a false sense of urgency to act. Attackers employ this technique in attempts to confuse the recipient.
 
  • Attackers take advantage of our curiosity by promising something exciting or prohibited content.
 
 

What can you do to prevent these types of messages?

Starting an awareness campaign can help staff understand why they should review these messages more closely. Here are some of the things you may want to consider:

  • Identify poor grammar within the email. For example, check for capitalization errors: "I" is lowercase while the word "vendor" is capitalized. The message may include many other grammatical errors as well.
 
  • Hovering over the email name will typically expose the underlying email address where the email really came from.
 
  • Even though the message indicates not to call, make a call to the person or business office official to confirm the information being requested.
 
  • Don’t click on suspicious Web links such as ones requesting to verify your email account and password information. Hovering over the Web link will expose the URL the perpetrator is trying to send you to.
 
  • Don’t click on suspicious Web links such as ones requesting to verify your email account and password information. Hovering over the Web link will expose the URL the perpetrator is trying to send you to.
 
  • Send an email to the FCPS Technology Department at [email protected]. Once the technology department has the information, it can investigate phishing attempts and resolve the issue.