Cybersecurity Awareness Month

Recognize and Report Phishing

What Is Phishing?

Phishing is a tactic used by cybercriminals to trick individuals into clicking on links that include harmful attachments or attempt to collect sensitive information. These deceptive messages, often disguised as emails or texts, often appear as if they are from a trusted source. You can protect yourself from phishing with these three simple steps.

1. Recognize the Signs

Watch for these common indicators of phishing:

• Language that creates urgency or fear, such as threats of account closure
• Requests for personal or financial details
• Suspicious shortened URLs
• Misspelled websites or fake addresses (e.g., amazan.com)
• While poor grammar used to be a giveaway, AI-generated messages may now appear polished—so stay alert for other red flags

2. Resist the Urge

If something feels off, don’t click. Avoid opening links or attachments from unfamiliar or suspicious sources. Instead, report the message using built-in tools—look for “report spam” options or flag the sender’s profile.

3. Delete Immediately

Don’t engage. Don’t reply. Don’t click—even on “unsubscribe” links. Just delete the message.

4. Report Phishing

Report it to your IT department or email/phone provider. 

*For GGUSD Employees

As a reminder, an email reporting feature called PhishAlarm was added to the District Outlook email system so that you can easily report suspicious email to be reviewed and blocked.

A “Report Suspicious” button is now on every email. Simply click on the button to report the email as suspicious. See examples below:

Outlook Client:

Outlook Web:

COMMON PHISHING RED FLAGS:

• A tone that’s urgent or makes you scared​

Ex: "Click now or your account will be closed"​

• Sender email address doesn’t match the company it’s coming from

Ex: Amazon.com vs. Amaz0n.com

• Unexpected communication

Ex: Emails or calls you weren’t anticipating.

• Requests to send personal info

Ex: Legitimate companies don’t ask for sensitive data via email or unsolicited calls.

• Misspelled words, bad grammar​ and odd URLs can still be a sign of phishing.

[Source: CISA, used with permission.]

Use Strong Passwords

Why Strong Passwords Matter

Using simple passwords like “12345” or personal details such as birthdays or pet names puts your accounts at serious risk. It’s like locking your front door but leaving the key in plain sight. Weak passwords are easy targets for hackers.

Strengthen Your Passwords in Three Steps

1. Make It Long

Aim for at least 16 characters—the longer, the better.

2. Make It Random

Choose one of these methods:

Random string of mixed-case letters, numbers, and symbols
Examples:

• cXmnZK65rf*&DaaD
  
• Yuc8$RikA34%ZoPPao98t

Passphrase made of 4–7 unrelated words
Examples:

• Good: HorsePurpleHatRun
• Great: HorsePurpleHatRunBay
• Amazing: Horse Purple Hat Run Bay Lifting
  (Spaces are optional—use them if allowed)

3. Make It Unique

Never reuse passwords across accounts. Each one should be different.

Examples:

• Bank: k8dfh8c@Pfv0gB2
• Email: legal tiny facility freehand probable enamel
• Social Media: e246gs%mFs#3tv6

[Source: CISA, used with permission.]