I have had a first hand account with phishing. I hope I have survived it.
What alerted me to the fact was the strange web link. Three of my inbox people I would have trusted. One being a school principal, the second being a Deputy Principal and another being an ICT lead facilitator. (Refer to the second image.) I would have opened their links immediately. However one said: I have been having better _ _ _ and longer with this link here. The other two said: Haha- this you??
Being unsure, I visited the victims twitter page instead of opening the direct link.
The same message was there. I then visited their blog pages and the twitter message was broadcasted there too because their twitters feed their blogs. Just like mine do. I visited one school site and could not get email contact. I searched white pages so that I could alert one of them but he was unlisted, as principal generally do. Luckily I remembered his old Deputy Principal online CV and located a cell phone number. The total time took me half a day. One’s educational reputation can be easily tainted.
To find out what was going on I searched Twitter virus, February, 2010. Phishing came up. Something else came up too, called Direct Messaging. That is the first image on this blog.
As a school what would you have done if your school twitter page started block sending lewd emails to everyone on your followers list. Your followers sign into twitter to see what you want and a DM comes up asking for confirmation of email and cell phone details. Both of which are correct. The Direct Message looks legit and gives a link to a fake Twitter login page. your follower clicks “Good to Go.” They are phished.
According to Twitter’s Blog: Phishing is a deceitful process by which an attempt is made to acquire sensitive information such as Twitter usernames and passwords.
The bad guys masquerade as someone you trust, eg: School Principal, Deputy Principal and a Leading Auckland ICT educator, may send you a Direct Message with a link.
As educators we have to be always aware and up to date with what is happening. We cannot leave our online reputation to chance. Some of the steps I regularly take are
1) Be active online and if I see something new- learn about it.
2) Regularly search my name using google to see where I am online.
3) Always be cautious with block email sends. I usually just bin those.
4) Practise Zip, Flick, Click-
a. Zip my personal details and keep them close.
b. Flick of weird emails and do not open them.
c. Click a search engine and keep up to date.
Now to learn about Spear Phishing.