A “phishing” email is designed to trick you into sharing personal information such as
- PIN numbers
- Credit card numbers
- Family information (mother’s maiden name)
- Social Security numbers
- Bank account numbers
The scammers behind these messages are not targeting you individually. Rather, they are blindly sending out email to millions of email addresses in the hopes that a few people will be fooled into providing the information they seek.
LPS email filters prevent hundreds of thousands of illicit messages from reaching LPS employee inboxes every week. Due to the ever changing tactics on the part of phishing scammers, some undesirable messages still reach our employee inboxes, despite our state of the art efforts to prevent it.
Have you already provided your personal information to someone?
If you have given your username and password to any NON-LPS site, your password must be changed as soon as possible. This link will take you to to the LPS Password Change tool where you are able to change your own password. This link will only work while you are on the LPS network.
How to recognize phishing
Your best protection against phishing is awareness. Modern phishing attempts are often sophisticated and appear to be legitimate correspondence from companies or organizations you trust. If any of the following tell-tale signs of an email scam are present DO NOT respond to the email:
- You have never done business with this company
- You are being told that there is a problem with your account and you must click a link to address the problem.
- The sender’s email address does not match the company legitimate address (@company.com)
- The message contains an impersonal greeting (Dear account holder, Dear web mail user, etc.)
- The message looks distinctly unprofessional (spelling mistakes, all capital letters, etc.)
- The message has a frightening or aggressive tone
- The message asks you to share your passwords, bank account info, or any other personal information via an email reply or link contained in the message
- The message claims you have won something you did not sign up to win
Is *this* email from LPS?
- LPS will NEVER ask you for your password. Not even the help desk.
- LPS does not have email “quotas” in place. In other words, we won’t email you to say that your mailbox is nearly full.
- LPS will never threaten to deactivate your email account. You need it to do your job.
- Any legitimate messages sent from the LPS Help Desk come from the address firstname.lastname@example.org. Most phishing messages come from some variation of near misses. (email@example.com, IT@lps.org, etc.)
If you question a message, feel free to call x1735 to check its authenticity.
What to do when you receive a phishing message
OPTION 1: If the message displays hallmarks of a phishing scam, simply DELETE the message and carry on with your day.
OPTION 2: Please REDIRECT any messages you believe to be phishing for your credentials to the email address firstname.lastname@example.org.
- A “redirect” is much more valuable to Computing Services than a “forward” because redirects keep the original message intact and help to identify the source.
- To redirect a message in Zimbra, right-click (control-click) on it and choose “redirect” from the pop-up menu. Enter the email@example.com email address and click OK.
OPTION 3: If you feel you are being targeted by a scammer, you can file a report of a potential e-scams at the Internet Crime Complaint Center (IC3). The IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
LPS has purchased a product called KnowBe4 to help provide natural training opportunities for staff about phishing and spam tactics.
One way the District plans to use this tool is by delivering our own “phishing” messages to LPS employees that help us learn lessons about these tactics in a safe way. These messages will be similar to those sent by scammers, but if an LPS user follows links in these messages, KnowBe4 will provide instant training by drawing attention to recognizable “red flags” in the message that identify it as a scam.
KnowBe4 also offers training modules that are available to any staff who wish to improve their knowledge and develop an informed skepticism about the authenticity of phishing messages. To see these training modules, please visit the LPS Portal and click on the KnowBe4 link.
Additional resources on Phishing scams
- ‘About phishing‘ via Google
- ‘How to recognize phishing email messages, links, or phone calls‘ via Microsoft
Updated January 16, 2019