April 23, 2018
The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is, therefore, no surprise that scammers have taken advantage and have been sending fake active shooter alerts via email to schools and colleges.
KnowBe4 has lately recognized one such cheat that was used to aim a community college in Florida. Numerous subject lines were incorporated in the electronic mails alongside the same subject: There is presently an active shooter on site.
Variants of the scam detected by KnowBe4 include the subject lines: “IT Desk: Security Concern on Campus Earlier”, “IT Desk: Campus Emergency Scare”, and “IT Desk: Security Alert Reported on Campus”.
The purpose of the electronic mails is obvious. To entice a freaked tick, which guides the user to a website where they are requested to enter into their Microsoft account identifications.
This type of scam could easily be used against other educational institutions, healthcare organizations, government agencies or even businesses.
This phishing incident is specifically scandalous and demonstrates that no subject is too hypersensitive to be used by scammers to thieve credentials, data, or deliver ransomware or malware.
KnowBe4 warns all organizations that even though an email may contain urgent information that requires an immediate response, it is still important for end users to stop and think before acting.
Electronic mail receivers must take a minute to verify the electronic mail for any indications that the message isn’t genuine or to confirm the warning through phone – nevertheless not using any contact info contained in the message body.
While this type of email scam is perhaps more likely than most to fool employees into responding, KnowBe4 strongly recommends that such a scam not be included in phishing simulation exercises. KnowBe4 notes this type of phishing test would likely carry “a high runaway risk,” and could be reported to law enforcement and other authorities or the media which could cause a potential escalation, downtime, and possible harm.