I sent the message below to all my district's employees this week:

______________________________________________________________

Hi folks,

If you don't see much of me in the coming weeks, it is because the IRS has a warrant out for my arrest for tax evasion and they will have caught me and I am sitting in a jail someplace. At least if the voice mails I have been getting lately from a rather sinister robotic voice are true. 

That is one example of scams and phishing attempts that seem to be growing increasingly common, spread through both email and phone calls. Here is another example sent from one of the security gurus at our regional support center:

Please be aware there is new Phishing Scam going around this week, where the bad guys are using “Active Shooter” and “Security Alert reported on campus” as the scare tactic. Please handle this scam with care as it has the potential to cause serious panic and disruption to your facilities and districts.

Please remind staff of the proper protocol for notification of an on campus security event, and to remind them this scam exists and NOT to forward it if they receive it but to notify IT immediately so you can begin to combat it.   

Some of the subject lines we have seen in this attack are:

“IT DESK: Security Alert Reported on Campus” “IT DESK: Campus Emergency Scare” “IT DESK: Security Concern on Campus Earlier”

• • “IT DESK: Security Alert Reported on Campus”
  • “IT DESK: Campus Emergency Scare”
  • “IT DESK: Security Concern on Campus Earlier”

As the ISD191 staff, I believe we have all become much smarter about responding to false requests for information and actions. Please remain skeptical of offers that look too good to be true, requests for releasing any personal information or any data about your students, or being asked to click on links from unknown entities. You are always welcome to contact the tech department if you have any questions about a suspicious message.

Firewall and spam/virus filters will never be 100% effective. "Social engineering" remains the most common means for the bad guys to get into systems and to obtain confidential data. 

Be cautious and help your students get smarter about these scams as well.

All the best,

Doug

______________________________________________________________

The security alert scam phenomena seems to have reached a new low in the malicious use of telecommunications. I cannot imagine the fear such an email going out to a school might cause. And the potential for "the boy who cried wolf" effect might further endanger students if genuine alerts are always viewed as hoaxes.

Senior citizens are often the target for online and phone scams as well. I alway try to alert my 85 year old mother when I hear of a new one.

Kevin Mitnick's book The Art of Deception: Controlling the Human Element of Security was a real eye opener for me and I would highly recommend it.

As technology director, I feel it is my responsibility to remind all my staff that they need to be continuously on guard when it comes to odd email requests and unknown links. I honestly do believe they are getting better all the time. 

But the job may never be completely finished.

Oh, after sending the message to staff, I did an offer from a teacher to post bail for me after my arrest by the IRS. I was honored.