• Recognize and Report Email Scams

    Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account."

    Challenge

    The IRS needs your information now! A friend or colleague shared a document with you! Your account will be shut off! Is the email real? How do you know?

    Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account." These emails, websites, documents, or login pages may be obviously fraudulent, or may look exactly like the District's pages or subscription sites. K-12 educational institutions are popular targets for these scams.

    Solutions

    Take Immediate Action If You Think You Are a Victim

    • Change your District Internet password immediately on the Security page if you:
      • Believe you have been Hacked—report this to phishing@jsusd.org.
      • Responded to a scam email with your personal information or clicked on a link.
    • If you opened an attached file or shared document, your files, identity, personal information, or the District’s data may be at risk. Contact Technology Help staff.
    • Visit identitytheft.gov to learn about immediate protective actions you can take.

    Recognize Scams

    • Emails that come from official-sounding senders like “JSUSD Edu Team,” “Service,” “HelpDesk,” “Customer Service,” or even a colleague, teacher, or friend.
    • You receive a password reset request or call that you did not initiate, or that you initiated by clicking a link in an email rather than on the official page. 
    • Messages that include threats of dire consequences if you don't act quickly. For instance, if you are asked to pay ransom to access your data.
    • You see links to a login page that may or may not look exactly like the District's login page but the web address does not end in jsusd.org or may be shortened by services like TinyURL.
    • Messages that may ask you to open a shared document you may or may not be expecting, may ask you to bypass policy/procedures, or ask you not to tell anyone.
    • Learn to recognize the difference between a fake and official District Google login page. 
    • Learn what to do with SPAM-unsolicited commercial email.

    What Not to Do

    • DO NOT give your passwords and other sensitive information to an unverified party online, over the phone, or in person.
    • DO NOT approve a Password reset that you did not initiate.
    • DO NOT click any links contained in the message.
    • DO NOT open any attached files or shared documents.
    • DO NOT provide personal information such as passwords in a reply to an email.
    • DO NOT submit passwords through Google Forms.
    • DO NOT violate policy.

    Report Email Scams

    • Check an example on the Report Phishing Scams page.
    • If in doubt, reach out! Ask for a second opinion (phishing@jsusd.org). Forward the original text of scam email to phishing@jsusd.org  (include email headers if possible).
    • The report in Gmail (select the “Report spam” button or “More” and then “Report phishing” option; this helps to educate Google).
  • Phishing:Beware Fake Google Drive Invitations

    Scammers are aware of the fact that Google Drive invitations may be likely to get through spam defenses because they emulate legitimate invitations.
    Screenshot of fake Google drive share used in scam email

    In this example, scammers utilize Google Drive's collaboration feature and send push notifications from Google itself to deliver malicious content. The email may contain a non-JSUSD URL, a OneDrive notification, and/or a link to Google workspace. 

    The scammers’ goal is to get you to open a Google doc containing a link to either malware or a fake login page.

    Note: Our District email addresses and Internet IDs are considered public data (unless they are suppressed). Scammers often collect email addresses off the Internet for their scam recipients. 

    Indicators of Phishing

    • Document names (not exhaustive): DC.docx, Evaluation.docx, EVALUATION FORM.docx, Faculty Evaluation.docx, Evaluation.pdf, Resource.pdf etc..
    • The name and email of the person sharing the document does not match the name or email of the purported JSUSD person sharing the document
    • First line of the message is "[Non-JSUSD email address] shared a document"
    • Non-standard English grammar and spelling errors
    • Contains a link to a docx or PDF -- Always a red flag!

    What to do if you receive one of these:

    • Do not reply, click the link(s), login (if you do click the link) or use Single Sign On (SSO).
    • Forward the scam email, with headers, to phishing@jsusd.org *
    • Delete the message
    •  
    • * Here are instructions on how to forward the scam email, with headers, to phishing@jsusd.org  . 
        1. Sign into your email in a web browser.
        2. Open the email you want to check the headers for.
        3. Click More, The ellipsis ( three vertical stacking dots - sometimes called the kebab)
        4. Click Show originalA page with the email headers will open in a new tab or window.
          More menu; the Show original option highlighted.