There is a new phishing attack that is taking advantage of the widely acknowledged technology issues facing students, families, and educators. It is targeting educators, using infected attachments that masquerade as student assignments. The attachments contain ransomware that encrypts your files and locks you out of your devices until the ransom is paid.
In this type of attack, the hackers pose as a parent or guardian submitting a student’s assignment on their behalf. They claim that the student was unable to upload the document due to technical issues. The emails are very emotional and are designed to tug on the heart strings of the educator.
The subject lines the attackers have been using are:
• Son’s Assignment Upload
• Assignment Upload Failure for [Name]
• [Name]’s Assignment Upload Failed
Here is an example of the types of emails being used.
Often the attachment is a Word document . Once you open it, you are asked to “enable editing” and “enable content”. If you do, the ransomware is loaded onto your device.
This attack is very targeted, using contact lists available on the school’s websites to determine who to send emails to. Although the attackers are currently focusing on K through 12 schools, it is expected it will move to post secondary institutions next.
To avoid these types of attacks:
- Only accept assignments submitted through regular channels.
- Do not open an attachment unless you check the sender’s email address and know who the email is coming from.
- Verify the sender actually sent the message whenever possible.
- Do not enable content or editing on Word documents unless you are 100% certain of the sender’s identity.
- Do not enable macros on Word or Excel documents unless you have talked to the sender of the email to verify it is safe to do so.
If you are unable to contact the sender and aren’t sure of the legitimacy of an email, report is using the PhishAlarm button or by forwarding it to firstname.lastname@example.org.