Good Morning,
Are other divisions seeing an increase in fraudulent emails where people are creating Gmail accounts and impersonating principals, then requesting staff buy $500 in iTunes gift cards, scratch the back, then email the codes back? If you have, please let us know and if you have strategies for how to mitigate. We have a best-in-breed email filtering system, but with the accounts being newly generated, blocking them is ineffective, and filtering by search term is challenging due to false positives. I know end user awareness is critical, but will never be 100% effective. So, I'm interested in knowing what strategies and/or technical controls you might use to combat this issue. And, if you have the same challenge but no solution, I would at least find comfort knowing I'm not alone. I'm also interested in knowing if any divisions prohibit the purchase of gift cards outright, as this would likely be an effective administrative control.
I produced a brief video (below) of how this scam works for National Cyber Security Awareness Month, and recently shared this with staff, but unfortunately, it's still problematic for us.
Any help is greatly appreciated.
iTunes Gift Card Scam Awareness Video
Director of Technology & Innovations
Cairo-Durham Central School District
(518) 622-8543, x59500
cairodurham.org
We do now have a filter that records any emails with iTunes and Gift Cards as key words, but allow those to be delivered due to the high volume of false positives, but at least we have insight and can take action more quickly.
Thank you so much for the recommendation on the phishing awareness content. I've been looking at Wombat, but will look closer at the one you suggested too.
I had not considered a preamble, but that's an interesting suggestion that I'll look into.
We have also considered blocking emails and/or logins from some countries, but worry about unintended consequences with exchange students, teachers traveling, etc. We will be looking closer at this though.
Thanks for the tips!
I do like this approach better than a pre-amble. I know we could enable this very quickly and easily, so we'll give it some serious consideration. We also recently found an option we can configure in O365 for an anti-impersonation setting we'll look at as well.
Thank you for the simple, but great idea!
Andy