09-25-2018 Phishing Security Advisory Update

Olathe Public Schools USD#233

Information Security Advisory

9/25/2018

 

Issue:

The Olathe Public Schools Technology Division is working to resolve a “Phishing” attack which targets users with the goal of stealing their email login credentials.

Timeline:

First report of this issue was on 9/24/2018 around 11am.  The district identified the threat and blocked district staff, faculty and student access to the attacker’s website at around 2pm that day.  We are still receiving infrequent reports of compromises of people who check their email infrequently and are off site.

Description of Attack:

The attacker seems to use the logins that they harvest to in turn log into their email account and to reply to the email in their account with a specially crafted message that aimed at convincing people to click on the link and to login using their email account credentials.  The email details are changed every time which makes it difficult to block the email outright.

What to do if you receive this email:

  • If you are a district employee and you see an email asking you to “click here” and you typed in your username and password, please change your password and contact the helpdesk(helpdesk@olatheschools.org).
  • If you are not associated with the school district and you typed in your email username and password please contact your Internet Service Provider support and change your password.
  • If you clicked on the email but didn’t login and the email is from “olatheschools.org” please forward it to the helpdesk (helpdesk@olatheschools.org) then delete it.
  • Otherwise please delete the email.
  • It is security best practice not to re-use passwords on multiple different accounts, if your email account is compromised please also change your password if it is re-used elsewhere.