Beware of Phishing Scams, Fraudulent Emails

MCPS continues to see an increasing number of phishing scams sent to Outlook email users. A story in the February issue of IT Wire discussed the issue. The story is reprinted below.
We are continuing to see a noticeable increase in the number of phishing scams and fraudulent emails where a perpetrator sends out a legitimate looking email in an attempt to gather personal or confidential information from the recipient. Other districts close to us have experienced major disruptions as a result of these types of scams. Often, the email will reflect urgency, such as “Please click on the link to increase your storage space or your account will be disabled!” When the user clicks on the link in the email, a webpage will open that requests the user’s username and password or other personal information. In some cases, the email attachments or links can install unwanted software on your computer that can encrypt your files and send copies of those files to hackers who want to hold your data for ransom.
While we use some of the industry’s best tools to prevent these emails from reaching your mailbox, these tools cannot stop them all since they come from legitimate mail providers such as Outlook.com, Gmail.com and Yahoo.com. Additionally, these emails are personalized in a way to remove any detectable patterns.
As shared in previous IT Wire newsletters, we are prefixing emails from external senders with the text [EXTERNAL] and including a yellow banner in the email body to indicate that an MCPS employee or administrator did not send the message. The purpose is to help employees recognize when a message is not from MCPS and may be a possible phishing scam. Before acting on any request to purchase gift cards via email, we encourage staff to be very cautious and speak with colleagues in person or on the phone to ensure the request is legitimate.
If you receive an email and question the legitimacy, please forward the email to abuse@mcpsmd.org. If it is an illegitimate email, we will remove the emails and block the email sender to prevent further abuse.
More news from the February 2021 IT Wire is available here.