Is Someone Phishing for Your Information?
Don't get caught!
If a user asks you about this email, it is, in fact, a legitimate email and not a phishing attempt. There is obviously no way for us to definitively identify our message as legitimate (otherwise spammers and phishers would just do the same thing), but there are some indicators that an observant user could use to identify this email as legitimate:
- It mentions them by name. Phishing emails typically do not include any identifying information beyond email address.
- It mentions their administrators by name. Phishing emails will not direct you to your school, county, or RESA contacts for assistance.
- It doesn't contain any website links. Phishing emails link to websites owned by the sender in an attempt to drive the user from a place where the sender doesn't have any control (email) to one where they do (their website).
- It doesn't ask for any personal information. In fact, it specifically tells the user to never provide their password. Phishing emails are, by definition, used to trick people out of information (usually their username and password), so this should be a pretty strong indication that the message is legitimate.
Any one of these indicators by itself is typically not enough to make a strong determination as to the validity of an email, but when taken as a whole they provide pretty compelling evidence. If a user brings this email to you, pointing out the differences outlined above may provide them with information that can help protect them from real phishing attempts in the future.