• Is Someone Phishing for Your Information?

    Don't get caught!

    (Taken from https://webtop.k12.wv.us/0/apps/administration/docs/users/spinDown)

    Since you have a K12 email address associated with your account, you should know that your email address will be not be removed immediately if your account is disabled, but failure to resolve the situation within 60 days of account termination may result in the permanent loss of your email address and the contents of your mailbox.

    As a reminder, never send your account password via email. We do not need, and will never ask for, your password.

    If a user asks you about this email, it is, in fact, a legitimate email and not a phishing attempt. There is obviously no way for us to definitively identify our message as legitimate (otherwise spammers and phishers would just do the same thing), but there are some indicators that an observant user could use to identify this email as legitimate:

    1. It mentions them by name. Phishing emails typically do not include any identifying information beyond email address.
    2. It mentions their administrators by name. Phishing emails will not direct you to your school, county, or RESA contacts for assistance.
    3. It doesn't contain any website links. Phishing emails link to websites owned by the sender in an attempt to drive the user from a place where the sender doesn't have any control (email) to one where they do (their website).
    4. It doesn't ask for any personal information. In fact, it specifically tells the user to never provide their password. Phishing emails are, by definition, used to trick people out of information (usually their username and password), so this should be a pretty strong indication that the message is legitimate.

    Any one of these indicators by itself is typically not enough to make a strong determination as to the validity of an email, but when taken as a whole they provide pretty compelling evidence. If a user brings this email to you, pointing out the differences outlined above may provide them with information that can help protect them from real phishing attempts in the future.