The District has been experiencing an increase in the number of successful phishing attempts over the last few weeks.

Phishing may sound like fun, but it’s not. Phishing emails target a specific individual or a small group using personal details and often contain a link or an attachment to initiate a cyberattack. The email will look harmless. For example, it could look like an official email sent from the SFUSD Help Desk with a request to change your password or an attachment from a supervisor you are asked to open. 

So how do you know the safe emails from the scary ones? A little skepticism will go a long way in protecting yourself from phishing attacks. Ask yourself:  

• Does the email seem off or unlike something you would normally get from the sender? The email may be concerning if it contains one or more of the following:
  • An unfamiliar tone or greeting
  • Recipient did not initiate the conversation
  • Threats or a sense of urgency
  • Suspicious attachments
  • Unusual request
• Is the email address correct (look for slight differences)? Check the actual email address by clicking on the grey arrow under the sender’s name to see the email address. If it’s an internal SFUSD sender, does it include their picture and contact info?
• If it does seem off, send a new email--using the email forward function--to the supposed sender at the email address you usually use to contact them to confirm the suspicious email was from them. Don’t hit reply, as you could be replying to the cyber-attacker.

When in doubt, forward any suspicious email to the DoT Help Desk.

Duo: Staff can greatly reduce the risk of unauthorized access to our systems and protect against phishing attacks, password breaches, and other cyber threats by using Duo Two-Factor Authentication (2FA). Duo is a security solution that requires users to provide two or more forms of authentication when logging in to an account. In addition to the standard username and password, users must also provide an additional authentication factor, such as a code sent to a phone, a fingerprint scan, or a security token. If you are not currently using Duo and would like to, please submit a ticket to our help desk, and we can support and enroll you.

If you think you have been the target of a phishing attack, let us know - we’re here to help! Please reach out to the DoT Help Desk so that we can make sure the security of your computer and SFUSD systems hasn’t been compromised.