GAPS Phishing Simulation 2024

What to do next time

This was the phishing simulation email. Click on the icons below to see the clues for next time

Uh oh

If you suspect a phishing email, you should: Don't click or open anything: Don't click on any links or open any attachments, including any "unsubscribe" link. Report the email: Report the phishing email by forwarding it to phishing@albany.k12.or.us or use the button in Gmail Delete the email: Delete the email and don't reply to it. If you already clicked or shared details, change your password. Your GAPS.IT team is here to help!

Gmail: how to report phishing

What to do

When you are suspicious

Sense of Urgency

Here are five common phrases:

• "Your account will be suspended unless you act now."
• Suggesting that the recipient could lose access to something valuable.
• "Immediate action required: Verify your account details."
• Pushes the user to respond quickly without thinking.
• "You have [X] hours to confirm your payment."
• A specific time frame increases the pressure to act.
• "Unauthorized login attempt detected: Secure your account."
• This exploits concerns about security, prompting users to act out of fear.
• "Final notice: Claim your [reward/refund] before it's too late."
• This creates the urgency of missing out on something beneficial.

These phrases are designed to make the recipient feel rushed, so they are more likely to overlook warning signs of a phishing attack.

Sense of Urgency

Here are five common phrases:

• "Your account will be suspended unless you act now."
• Suggesting that the recipient could lose access to something valuable.
• "Immediate action required: Verify your account details."
• Pushes the user to respond quickly without thinking.
• "You have [X] hours to confirm your payment."
• A specific time frame increases the pressure to act.
• "Unauthorized login attempt detected: Secure your account."
• This exploits concerns about security, prompting users to act out of fear.
• "Final notice: Claim your [reward/refund] before it's too late."
• This creates the urgency of missing out on something beneficial.

These phrases are designed to make the recipient feel rushed, so they are more likely to overlook warning signs of a phishing attack.

If you hover over the sender, a new enhancement is that you can see the individual's Department/School and Job Role

This isn't a GAPS address

Uh oh

All of our emails end: @albany.k12.or.us @substitute.albany.k12.or us @student.albany.k12.or.us

➡️

Hover

If you hover over - not click - the link, the destination website is visible in the lower left corner of the email window

Shows

This is a link from a link shortener site. These are often used to hide unsavory destinations. Either way, it doesn't look like a password reset destination.

Sense of Urgency

Here are five common phrases:

• "Your account will be suspended unless you act now."
• Suggesting that the recipient could lose access to something valuable.
• "Immediate action required: Verify your account details."
• Pushes the user to respond quickly without thinking.
• "You have [X] hours to confirm your payment."
• A specific time frame increases the pressure to act.
• "Unauthorized login attempt detected: Secure your account."
• This exploits concerns about security, prompting users to act out of fear.
• "Final notice: Claim your [reward/refund] before it's too late."
• This creates the urgency of missing out on something beneficial.

These phrases are designed to make the recipient feel rushed, so they are more likely to overlook warning signs of a phishing attack.