Welcome

Let's talk about email security.

Email is the most common way attackers try to get into our systems. You don't have to be a tech wizard to be a target — and you don't have to be a tech wizard to protect yourself either.

This training will walk you through what phishing, spoofing, and other email-based attacks look like, how to spot them, and exactly what to do when something seems off.

At the end, you'll take a short 10-question quiz. You'll need to score 80% or higher to complete the course. You can retake the quiz as many times as needed.

What you'll learn:
  • What phishing, spear phishing, and spoofing are
  • Red flags to watch for — including unexpected attachments, suspicious links, and common scam themes
  • Why verifying through a separate channel is your best defense
  • Safe handling habits: links, passwords, sensitive data, and device security
  • RSU #87's official reporting procedure
  • What to do if you accidentally click something

Module 1 of 7

Why Does Email Security Matter?

More than 90% of cyberattacks start with an email. It's cheap, it scales, and it works — because it targets people, not just software.

Attackers aren't just going after big corporations. Schools, nonprofits, and small organizations are frequently targeted because they often have valuable data (student records, payroll, personal information) and fewer dedicated security resources.

The good news? Most email attacks rely on tricking you into taking an action — clicking a link, opening a file, entering a password. That means you are the most important line of defense. Knowing what to look for makes a real difference.

Real consequences of a successful attack:
  • Ransomware that locks every computer on the network
  • Stolen student or staff personal data
  • Fraudulent wire transfers or payroll changes
  • Months of recovery work and significant costs

Module 2 of 7

What Is Phishing?

Phishing is when an attacker sends an email pretending to be someone or something trustworthy — like Microsoft, your bank, or even a coworker — to trick you into handing over credentials, clicking a malicious link, or opening an infected attachment.

Think of it like a digital version of a con artist. They're not breaking down a door — they're getting you to open it for them.

Example — Typical Phishing Email (as seen in Gmail)
subject: ⚠️ Unusual sign-in activity detected — verify your account now
from: Google Accounts Team <noreply@google-accounts-verify.net>
to: you@rsu87.org
time: 10:14 AM
⚠ This sender's domain (google-accounts-verify.net) does not match google.com
Dear User,

We've detected unusual sign-in activity on your Google Workspace account. Your account will be suspended within 24 hours unless you verify your identity immediately.

🔗 Click here to verify your Google account →

The Google Accounts Team

What makes this suspicious?

  • Expand the ▼ details arrow — the sending domain is google-accounts-verify.net, not google.com
  • It creates artificial urgency ("24 hours")
  • It addresses you as "Dear User" — not by name
  • It asks you to click a link to enter your credentials

Module 3 of 7

Spear Phishing — When It Gets Personal

Regular phishing casts a wide net. Spear phishing is targeted — the attacker researches you specifically before sending the email.

They might know your name, your supervisor's name, a project you're working on, or even something from your school's public website. That makes the email feel much more legitimate and harder to spot.

Example — Spear Phishing Email (as seen in Gmail)
subject: Quick request — staff gift cards
from: Dr. Patricia Mills <p.mills@rsu87-admin.org>
to: you@rsu87.org
time: 8:47 AM
⚠ This sender's domain (rsu87-admin.org) is different from your organization's domain (rsu87.org)
Hi [Your Name],

I'm in back-to-back meetings today and can't make calls. I need you to purchase 5 Amazon gift cards ($100 each) for a staff recognition surprise — it's time-sensitive. I'll reimburse you this afternoon.

Please send me the card numbers and PINs as soon as you have them. Don't mention it to anyone yet — I want it to be a surprise!

Thanks so much,
Dr. Mills

Why this one is tricky:

  • Uses a real name (the superintendent/principal) — attacker found it online
  • Creates urgency and a reason they can't be called ("in meetings")
  • Asks for secrecy ("don't mention it") to prevent you from checking
  • The domain is rsu87-admin.org — not rsu87.org

When in doubt, call the person directly using a number you already have — not one in the email.

Module 4 of 7

Email Spoofing — Fake Senders

Email spoofing is when an attacker forges the "From" field of an email to make it look like it came from someone you trust — a colleague, IT, your bank, or a well-known company.

There are two types to be aware of:

Type 1 — Display Name Spoofing

Gmail shows the sender's display name prominently. The real email address is hidden until you click the arrow to expand details. Attackers count on you never checking.

Expand the ▼ details arrow to see what's actually hiding behind a trusted-looking name.

subject: Action required: Update your password now
from: IT Department <support@help-desk-notice.ru>
to: you@rsu87.org
time: 2:03 PM
⚠ .ru is a Russian domain — this is NOT from your IT department
Your password expires today. Click the link below to reset it immediately to avoid losing access.

🔗 Reset my password →

Type 2 — Domain Lookalike

The address looks almost exactly right — but one small change makes it completely different. These are easy to miss when you're busy.

  • Real: it@rsu87.org
  • Fake: it@rsu-87.org (dash added between rsu and 87)
  • Fake: it@rsu87.org.support-desk.com (real domain buried in the middle — the actual domain is support-desk.com)
  • Fake: it@rsu87-helpdesk.com (looks official, completely different domain)

Habit to build: In Gmail, always click ▼ details to expand the sender info and read the full email address before clicking anything or replying.
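
For staff who manage mail filtering, the sender checks from this module can also be automated. The sketch below is an added example, not part of the original training or RSU #87's own tooling; it uses Python's standard email.utils.parseaddr, and the function name check_sender, the warning labels and the BRANDS table are assumptions made for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "rsu87.org"  # the real district domain used throughout this page
# Real domains the page names for two impersonated brands (illustrative table).
BRANDS = {"google": "google.com", "ups": "ups.com"}


def _is_or_under(domain, real):
    """True if domain is `real` itself or a subdomain of it (assumed acceptable)."""
    return domain == real or domain.endswith("." + real)


def _squash(text):
    """Drop dashes, dots and other separators so 'rsu-87' compares as 'rsu87'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_sender(from_header, org=ORG_DOMAIN):
    """Return warning labels for one From header; [] means the org's own domain."""
    name, addr = parseaddr(from_header)
    # The sending domain is everything after the LAST '@' in the address.
    domain = addr.rpartition("@")[2].lower()
    if _is_or_under(domain, org):
        return []
    warnings = ["external-sender"]
    if f".{org}." in f".{domain}":
        # e.g. rsu87.org.support-desk.com: the org domain is only a prefix
        warnings.append("org-domain-buried")
    elif _squash(org.split(".")[0]) in _squash(domain):
        # e.g. rsu-87.org or rsu87-helpdesk.com; swapped letters are not caught
        warnings.append("org-lookalike")
    for brand, real in BRANDS.items():
        if brand in name.lower().split() and not _is_or_under(domain, real):
            warnings.append(f"display-name-claims-{brand}")
    return warnings


if __name__ == "__main__":
    # Sender lines taken from the examples on this page.
    for header in [
        "it@rsu87.org",
        "it@rsu-87.org",
        "it@rsu87.org.support-desk.com",
        "it@rsu87-helpdesk.com",
        "IT Department <support@help-desk-notice.ru>",
        "Google Accounts Team <noreply@google-accounts-verify.net>",
    ]:
        print(f"{header!r}: {check_sender(header) or 'no warnings'}")
```

A check like this only supports the habit above; a sender that raises no warning can still be malicious, so verifying through a separate channel still applies.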

Module 5 of 7

Red Flags — What to Watch For

No single red flag means an email is definitely malicious, but the more you spot, the more suspicious you should be. Here are the most common ones:

  • Urgency or threats — "Act now," "Your account will be deleted," "Last warning." Pressure is a tool to stop you from thinking.
  • Unexpected requests involving money or sensitive info — Gift cards, wire transfers, W-2 forms, invoices, payroll changes you didn't initiate.
  • Common lures — Missed package delivery, account locked, unpaid invoice, password expiring, prize won. These work because they feel plausible.
  • Suspicious sender address — The display name looks right but click ▼ details in Gmail to see the real address. Look for extra dashes, misspellings, or unfamiliar domains.
  • Suspicious links — Hover over a link before clicking. If the URL looks odd, shortened, or doesn't match the supposed site, do not click it. When in doubt, navigate to the real site yourself by typing the address.
  • Dangerous attachments — Be especially wary of Office files (Word, Excel) that ask you to "Enable Macros," ZIP files, and any executable (.exe, .bat) files. Even PDFs can carry malware.
  • You weren't expecting it — If you didn't initiate the contact or request, treat it with extra suspicion — especially if it asks for action, credentials, or sensitive data.
  • Requests for credentials or sensitive data — Legitimate services never ask for your password, Social Security number, or full credit card number via email.
  • Asks for secrecy — "Don't tell anyone," "This is between us," "It's a surprise." A major warning sign designed to prevent you from verifying.
  • Poor grammar or unusual phrasing — Not always present in modern attacks, but still a clue.

Quick gut check: Ask yourself — "Was I expecting this email? Does this request make sense? Would I feel comfortable calling this person on a number I already have to verify?" If anything feels off, verify before acting — never reply to the suspicious email to check.

Module 6 of 7

When In Doubt — Always Verify

This is the most important habit you can build: if you weren't expecting an email, especially one asking for sensitive information or urgent action, verify it through a completely separate channel before doing anything.

Don't reply to the email. Don't call numbers listed in it. Don't click links in it. Use a contact method you already trust.

How to verify through another channel

  1. Call the person using a phone number you already have saved — not one from the email. Ask them directly if they sent it.
  2. Navigate to the official website yourself — type the address directly into your browser. Don't click links in the email, even if they look right.
  3. Contact IT — when in doubt, forward the email to it@rsu87.org and ask before taking any action.

Example — Package Delivery Lure (as seen in Gmail)
subject: Your package could not be delivered — action required
folder: Spam
from: UPS Delivery Notification <noreply@ups-delivery-track.info>
to: you@rsu87.org
time: Yesterday
⚠ ups.com is the real UPS domain — ups-delivery-track.info is not
We attempted to deliver your package but were unable to complete delivery. Your package will be returned in 24 hours unless you confirm your delivery address.

🔗 Reschedule my delivery →

UPS Customer Service

What to do instead of clicking: Were you actually expecting a UPS package? If yes — go directly to ups.com and enter your tracking number there. If no — this is almost certainly a phishing email. Report it to IT.

This same pattern works for FedEx, USPS, Amazon, your bank, your health insurance, and any other trusted brand. Attackers clone them all. The URL in the email is never trustworthy. The real website always is.

Never enter your password on a page you reached by clicking an email link. Fake login pages can look pixel-perfect — same logo, same layout, same colors. If an email sends you to a sign-in page, close it and navigate to the real site yourself by typing the address.

Module 7 of 7

Safe Habits That Make a Real Difference

Beyond spotting bad emails, a few everyday habits significantly reduce your risk — and protect your coworkers and students too.

🔒 Safe Handling of Messages

  • Never enter your password on a page you reached from an email link. Close the page and type the real website address yourself.
  • Don't forward suspicious emails to coworkers to "warn them" — this can spread the threat. Use the Gmail Report phishing option or forward to it@rsu87.org instead.
  • Lock or log out of your device when stepping away — even briefly. Anyone who sits down can access your email.
  • Keep your device and apps updated. Updates patch known security holes that malware in email attachments and links actively exploit.
  • Trust security prompts. If your device or browser warns you that a site is dangerous or an attachment looks suspicious, believe it — don't click through.

🔐 Protecting Sensitive Information

  • Never send passwords, Social Security numbers, or full credit card numbers via email — email is not a secure channel unless your organization has set up specific encrypted tools for this.
  • Watch auto-complete when addressing emails. Gmail will suggest recipients as you type — double-check that you're sending to the right person, especially when the email contains student records, payroll data, or personal information.
  • Follow your organization's data handling policies. If you see a classification label, an encryption prompt, or a DLP (data loss prevention) warning — don't bypass it for convenience. Those prompts exist for a reason.
  • When in doubt about whether something is sensitive — treat it as if it is. Ask IT rather than assuming it's okay to send.

The bottom line: Good email security isn't just about spotting attacks. It's also about how you handle information every day — what you send, who you send it to, and how you manage access to your account.

RSU #87 — Official Reporting Procedure

What To Do When You Spot Something Suspicious

Think you received a phishing or suspicious email? Here's exactly what to do — step by step.

If you received a suspicious email:

  1. Do not click any links, open any attachments, or call/email any contact information contained in the email. Even if it looks legitimate.
  2. Contact IT immediately. Call or message the IT department, and/or forward the email to it@rsu87.org.
  3. Leave the email in your inbox. Do not delete it, move it, or print it. IT needs the original email intact to investigate.
  4. Wait for IT's guidance. They'll let you know when it's safe to delete the email and whether any further action is needed.

💌 A note from the IT Department

These emails are designed by professionals to fool people. They are crafted to look real, feel urgent, and bypass your instincts — and they work on everyone, including people who work in cybersecurity.

If you click a link, open an attachment, or realize after the fact that something was suspicious, please never hesitate to reach out to us. There is absolutely no judgment here. Mistakes happen, and they happen to the best of us.

What matters most — the only thing that matters — is that you let us know right away. The sooner we hear from you, the more we can do to protect you and everyone else in the district. A quick call or email to IT can prevent what might otherwise become a serious incident.

We are here to help, not to judge. You will never be in trouble for reporting something in good faith, and you will never be criticized for asking us a question. Please always feel comfortable reaching out.

If you accidentally clicked a link or opened an attachment:

Take a breath — then act quickly. You've got this.

  1. Contact IT right away — call or email it@rsu87.org. Don't wait to see what happens. The faster we know, the more we can do.
  2. Do not interact further with the email — don't click anything else, don't reply, and don't call any numbers listed in it.
  3. Leave the email in your inbox — IT still needs it to investigate, even after an accidental click.
  4. Follow IT's instructions. They may ask you to disconnect from the network, change your password, or take other steps — they'll walk you through it.

No after-hours emergency line? If something happens outside of normal hours, still email it@rsu87.org right away and follow step 2 above — do not interact with the email or any contact information within it until IT responds.

Knowledge Check

Time for the Quiz

You've made it through the content — great work. Now let's see how much stuck.

The quiz has 10 questions. You'll get immediate feedback after each answer. You need to score 80% or higher (8 out of 10) to pass.

If you don't pass on the first try, no problem — you can retake it as many times as you need.

Tip: Questions cover the full course — reporting procedure, red flags, safe handling habits, and how to verify suspicious emails. The reporting procedure and "When In Doubt" slides are especially worth reviewing.

Reporting reminder: Suspicious email? Call or message IT, forward to it@rsu87.org, leave it in your inbox, and never click links or attachments in the email. If you accidentally click something — contact IT immediately. No judgment, ever.

Thank you for completing this training.

Your awareness is one of the most important defenses our district has. Attackers rely on people not knowing what to look for — and now you do.

If you ever have a question, something feels off, or you just want a second opinion on an email, please reach out to us anytime at it@rsu87.org. We would rather hear from you ten times about something that turns out to be nothing than not hear from you once about something that matters.

— RSU #87 IT Department