Janesville schools technology chief advises caution after spam attacks
JANESVILLE—The Janesville School District's chief information officer is advising caution when handling school district emails after several employees' email accounts were compromised.
"It's not a Trojan horse. It's not malware. It's not a virus," Robert Smiley said. "It's spam."
Smiley said the problem didn't originate within the district, but rather from a "spammer" who is looking for ways to trick people with Google email accounts, which the district uses.
"We currently rely on a spam filter developed by Google," Smiley said. "It's continually updated as these things come out. But spammers are trying to stay one step ahead of spam filters. It's a constant cat-and-mouse game."
Once Google finds fraudulent accounts, it shuts them down. In the meantime, people need to be savvy and take precautions, he said.
"If you were the spammer, and you were creating this, you would think of ways to trick people," Smiley said.
"If just four or five people click it in an organization this size, it replicates," he said. "We all have a lot of in-boxes."
The emails look like they are coming from Dropbox or Google Drive, Smiley said. People unwittingly have clicked and opened them, which allowed access to their address books, or else they opened an email that asked them to fill out a form giving their passwords.
The district's website posted a notice about the issue Monday, saying that "some staff and community members have received spam messages from a few School District of Janesville staff."
The post recommends that people delete the messages without opening them.
"If you opened the message and clicked on the link, then it's critical that you protect yourself and your information by changing your password," the Facebook post says. "What's more, if you use that password for other places like Amazon, eBay, your bank or any other location, it's imperative that you change your password in all of those places, too."
Smiley said people should be careful with the emails they receive, especially ones that are out of the ordinary.
People need to "be savvy of emails they are opening," Smiley said. "If an important person from India contacts you saying they want to give you money, he really doesn't want to send you $10 million."
If people get emails from someone they don't know, they should not open them, Smiley said. If they receive unusual emails from someone they do know, they should call the sender to verify, he said.
"We need everyone to be reasonably sophisticated with the email they are opening and never give out their password online, ever," Smiley said.