Malden Public Schools administrators continue to monitor cyber safety after high school students get fake scam emails

By Steve Freker

Malden Public Schools administrators immediately addressed reports last week of fake emails being sent to some students with promises of paid jobs if they applied, and in the process, shared personal information.

Superintendent of Schools Dr. Timothy Sippel and Malden High School Principal Chris Mastrangelo notified Malden police last week— the same day a number of MHS students received the emails, falsely claiming to be from a Malden High staff member.

The administrators and police said Malden Public School students should be vigilant about scams in their school email inboxes.

A statement from the Malden Police Department released Friday said the scam targets students in the Malden school system. The emails look like they are coming from staff members, but are actually from scammers attempting to entice students into a fake “job opportunity”.

The fake scam email reads: “Opportunity for All Students — All students in the MALDEN PUBLIC SCHOOLS who are interested are encouraged to be a part of this amazing offer. This is a part-time job that will not affect your present employment or academic program on campus and you will work remotely for this position. It’s fun, rewarding, and flexible. 2-3 hours daily. Three Hundred Dollars ($300.00) per week. Part-Time Position.
To apply, be sure to visit the link below.

A Google form then followed asking for detailed personal information.

A warning message was sent to all Malden students to not answer the emails or provide any personal or other information to the “job offer” emails, since they were not affiliated with the school or any staff member.

School administrators reaffirmed the safety of all students and staff — including cyber safety — is a top priority of the Malden Public Schools.

Signs of Phishing Scam: Do’s and Don’ts

(Courtesy of brite.com)
Here’s the checklist of criteria cybersecurity professionals recommend to determine if an email is suspicious:
1. Inconsistent URLs, links and email addresses
Check for small changes in common domains to see if link URLs are consistent with the sender domain. An easy way to do this is to hover over the link inside the email message. Be wary if the URL doesn’t belong to the company that supposedly sent the message.
2. Incorrect spelling and grammar
The reason poor spelling and grammar are used in phishing email scams is twofold. First, some scams originate overseas where English is not the actor’s first language. Second, devious actors strategically use subpar spelling and grammar to weed out critical people leaving those who fall prey to phishing more likely to complete the desired action.
3. Threats or demands for action
No credible organization threatens its customers with serious consequences. Consider it suspicious if an email sender demands that you click a link, open an attachment, or reply with personal information (i.e. financial information) or else face legal action or a frozen account.
4. Request from a vendor to an unassociated email address
Know which email addresses are associated with each account you have if you have multiple ones. Be skeptical of requests to non-associated addresses. For example, assume phishing if you receive an email from Amazon to your professional email and the account is not linked to it.
5. Unexpected email or attachments
Use caution if you’re not expecting to hear from someone via email. The same goes for unexpected attachments. Don’t click on it. Give the sender a call to see if they truly emailed you an attachment.
6. Low-resolution logo
Phishers often use crude tactics like “cut and paste” to grab a logo from an organization’s website to pass it off as their own. Chances are the sender doesn’t work there if a government agency, bank or other legitimate organization’s logo is low quality, blurry or just not prominent.
7. Offers for free stuff or cheap deals
Offers that sound too good to be true probably are too good to be true. Things like free products and services, cheap bargains, sweepstakes and prizes should raise an eyebrow and an alarm.
REMEMBER:
DO
—Be vigilant when checking emails. Always give full attention to the task at hand and never give any suspicious sender the benefit of the doubt.
—Look at the “from” address. An email is fraudulent if it says it’s from a legitimate organization (e.g. a bank or financial institution) but comes from something like a Gmail account.
—Make sure your endpoint protection and patches are current.
DON’T
—Don’t give out personal information or financial data.
—Don’t click on a link, open an attachment or call phone numbers provided in unexpected emails.
—Don’t use the same password for every account. Using varied passwords for each account will protect you if you do get hacked. The hacker will have trouble accessing the other accounts even if one account is phished. Also, change passwords right away if you think you have been breached.
Be prepared – phishing email scam tactics are always evolving. Stay up-to-date and learn as much as you can about the latest methods that attackers are using. You will be able to better identify advanced techniques the more educated you are and the more exposure you have.