![phishing]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1773175929/bvsdorg/mx7thhnfvq4mve5l5atc/phishingimage_1.png","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1773175929/bvsdorg/mx7thhnfvq4mve5l5atc/phishingimage_1.png","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_3/v1773175929/bvsdorg/mx7thhnfvq4mve5l5atc/phishingimage_1.png","width":800},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_4/v1773175929/bvsdorg/mx7thhnfvq4mve5l5atc/phishingimage_1.png","width":1200},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_5/v1773175929/bvsdorg/mx7thhnfvq4mve5l5atc/phishingimage_1.png","width":1600},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_6/v1773175929/bvsdorg/mx7thhnfvq4mve5l5atc/phishingimage_1.png","width":2200}])
The Boulder Valley School District (BVSD) has experienced a district-wide increase in phishing attempts targeting students. “Phishing” is the practice of sending fraudulent emails with the aim of getting individuals to reveal personal information, such as passwords and credit card numbers.
Most student focused phishing attacks have followed three general themes:
- Account Compromise: Attackers target student accounts which are then hijacked and used to phish staff members. Attackers know there are less security systems between student and staff accounts which makes their phishing attacks more likely to succeed.
- Financial Information Theft: Other phishing attacks may look like job offers or communications from banks. The attackers’ goals are to gather banking account or credit/debit card information from students.
- Gift Cards: Attackers will pretend to need assistance for a fundraiser, school activity, or special interest need. They will ask students to purchase and send them a digital gift card. The attacker will often ask a student for their personal email or cell phone number to evade detection in these phishing schemes.
New notification process for students and families
In response, the district has implemented a notification process to inform families of students in grades 6–12 who are issued BVSD email accounts when their student is targeted by a credible phishing attack.
BVSD utilizes an email security gateway and technologies within our Google environment to protect against phishing attacks but some targeted attacks make it through these systems. Vigilance and quick response are necessary to thwart these more advanced attacks.
BVSD IT teams will now inform students and their families if students are targeted by phishing attacks. Notifications will be sent only to students and families who are impacted by phishing attacks and will have specific instructions on how to respond to attacks.
Your role in preventing phishing attacks
- Students – Students should be vigilant and report suspicious phishing messages by following these instructions. Students and their families will receive notifications if IT teams determine that the student has interacted with a phishing email. The notification will include instructions specific to the message the student received and directions for obtaining additional support if needed.
Note: IT teams will disable the student’s BVSD account if there is an indication that an attacker could potentially gain access to their account. Students should reach out (or work with a teacher) to the IT service desk who will help to reset the password and enable the account.
- Families – Have conversations with your students regarding digital citizenship practices (listed below). Remind them to never share their username and password after clicking a link in an email. Also, remind them never to share personal information via email.
BVSD IT teams will notify you if your student was targeted by a phishing attack. This notification will be sent to the email address registered in Infinite Campus. Please ensure this address is correct by following these instructions. Notifications will include instructions specific to the message your student received and directions for receiving additional support if needed.
- School Leadership – School leadership teams will be sent lists of students impacted by larger phishing campaigns. These lists will be sent for awareness in case families have general concerns or questions about an attack. Staff will also be reminded of how to direct families to IT teams for additional support if needed.
- Service Desk – The service desk is aware of all phishing attacks targeting students and staff. They assist the InfoSec team in gathering information, help disseminate it if necessary, and assist with the technical aspects of responding to attacks.
- Information Security - The InfoSec team is the primary point of contact for detecting attacks and coordinating responses. The team will identify individuals affected by phishing attacks. They will then create related communications for students and their families affected by attacks, and another for district staff supporting those affected. Communications will include content to help identify phishing messages and specific instructions on how to respond to attacks.
Digital Citizenship Resources
It’s never too early to start talking to kids and teens about the risks they face online, and continue talking about them at every age. Like teaching a child how to safely cross the street, continuous discussions and reminders are key to safe online habits.
For younger kids:
- Teach them not to click on pop-ups.
- Explain that they should never share passwords, addresses, or personal information with people they don’t know online.
- Create a series of steps they should follow if they see inappropriate content, such as looking away and telling a parent or trusted adult.
- Warn them not to trust people they meet online, and tell them they should tell a trusted adult if someone makes them feel nervous, scared, or uncomfortable.
- Teach online etiquette and how to be respectful of others, and let them know they should tell someone if they feel disrespected.
- Help them identify a trusted adult or guardian they can go to for help.
For tweens and teens:
- Talk about how they should never post personal information or inappropriate content.
- Discuss sexting and the permanency of online data.
- Teach them how to avoid online predators by setting up privacy controls on their devices, such as restricting app location access.
- Explain the warning signs that characterize online predators.
- Tell them that safe adults won’t ask them to keep secrets or disrespect their boundaries.
- Help them identify a trusted adult or guardian they can go to for help.
- Discuss steps they can take if a friend confides in them about inappropriate online interactions, such as telling a trusted adult or pointing them to Safe2Tell resources.
- Explain that minors shouldn’t disseminate materials of a sexual nature because it’s illegal.
- Explain that even if they’ve already shared sexual materials or been involved in inappropriate online interactions, it’s not too late to tell an adult and get help.
- Discuss cyberbullying.
Families wanting additional online safety resources should visit the Internet Crimes Against Children: Internet Safety webpage.
Have questions for our Information Technology team about our response? Learn more on our BVSD Information Technology webpage or contact our service desk at help.bvsd.org or by calling 720-561-HELP.
![Kids at light table]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1775855340/bvsdorg/krkvcsevpg3wnzm5bg1e/Emeraldphotoday12.jpg","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1775855340/bvsdorg/krkvcsevpg3wnzm5bg1e/Emeraldphotoday12.jpg","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_3/v1775855340/bvsdorg/krkvcsevpg3wnzm5bg1e/Emeraldphotoday12.jpg","width":800},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_4/v1775855340/bvsdorg/krkvcsevpg3wnzm5bg1e/Emeraldphotoday12.jpg","width":1200},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_5/v1775855340/bvsdorg/krkvcsevpg3wnzm5bg1e/Emeraldphotoday12.jpg","width":1600},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_6/v1775855340/bvsdorg/krkvcsevpg3wnzm5bg1e/Emeraldphotoday12.jpg","width":2200}])
![Front of Ed Center]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1746217753/bvsdorg/efqtsj1tgreuk3nc8pwj/FrontofEdCenter.jpg","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1746217753/bvsdorg/efqtsj1tgreuk3nc8pwj/FrontofEdCenter.jpg","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_3/v1746217753/bvsdorg/efqtsj1tgreuk3nc8pwj/FrontofEdCenter.jpg","width":800},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_4/v1746217753/bvsdorg/efqtsj1tgreuk3nc8pwj/FrontofEdCenter.jpg","width":1200},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1746217753/bvsdorg/efqtsj1tgreuk3nc8pwj/FrontofEdCenter.jpg","width":1280}])
![adults talking around a table]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1775763870/bvsdorg/dbgqimyl2otuanohi9rn/IMG_1750.jpg","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1775763870/bvsdorg/dbgqimyl2otuanohi9rn/IMG_1750.jpg","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_3/v1775763870/bvsdorg/dbgqimyl2otuanohi9rn/IMG_1750.jpg","width":800},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_4/v1775763870/bvsdorg/dbgqimyl2otuanohi9rn/IMG_1750.jpg","width":1200},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_5/v1775763870/bvsdorg/dbgqimyl2otuanohi9rn/IMG_1750.jpg","width":1600},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1775763870/bvsdorg/dbgqimyl2otuanohi9rn/IMG_1750.jpg","width":2048}])