The volume is immense: Based on research, a district our size is collectively faced with +40,000 malicious emails in our inboxes every year. Cyber crime industry is huge, and “threat actors” can make big money. Tactics and content change constantly. There’s a delicate “filtering” balance to allow emails in that people need to receive and keep emails out that are fraudulent. Too loose and everything gets through, too restrictive and many external emails you should receive don’t come through at all. The fact is no matter how good your security, a small percentage of phishing emails will always reach your users’ inboxes.

As we’ve seen many times in the news, the damage from phishing threats for organizations can be catastrophic, with many breaches costing millions, harming the organization’s reputation and destroying relationships with stakeholders.

In addition to potential damage to the district, individuals are equally if not more likely to experience significant hardship in falling for a phishing scam. If successful, phishing cybersecurity attackers can possibly: - Hijack your usernames and passwords - Steal your money and open credit card and bank accounts in your name - Request new PINs or additional credit cards - Make purchases - Add themselves as an authorized user so it's easier to use your credit - Use and abuse your Social Security number - Sell your information to other parties who will use it for illicit or illegal purposes

Learning to detect and avoid clicking on links in phishing scams is the best line of defense for both yourself in your personal life and for your organization. If you aren’t sure, always err on the side of caution. You can also forward the email to our Learning Technology Department Help Desk to confirm (help.desk@sd23.bc.ca). Note: if you ever do click on a link in a phishing scam, you should be sure to change your current password (that goes for any other sites/applications you might access that use that same password). This is also why we highly recommend you do not use the same password across multiple sites.

Vishing is a cybercrime that uses the phone to steal personal confidential information from victims. Often referred to as voice phishing, cybercriminals use savvy social engineering tactics to convince victims to act, giving up private information and access to bank accounts. Some quick tips to protect yourself from a Vishing scam include: - Be cautious anytime anyone calls you and creates a sense of urgency/pressure - Never trust Caller ID (scammers can easier spoof a number to look like it is coming from a legitimate organization) - Never provide personal information over the phone unless you initiated the call (say for example with your bank) - If you believe the phone call is a Vishing scam, simply hang up

A form of phishing, smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security. Some quick tips to protect yourself from a Smishing scam include: - Don’t reply to text messages from people you don’t know - Don’t click on links in text messages unless you know the person they’re coming from - Simply delete any text message that you believe is a Smishing scam