Recently KIPP, as a whole, has witnessed an increase in emails that are phishing/spam in nature. They’ve been masked as “Memo From the Hr Dept”, “Memo from the HR Department”, or offering pianos and other services. Although we could understand the excitement for free pianos, please take the time to approach questionable e-mails with caution.
This article provides tips on identifying whether an email is spam/phishing. (To learn more about phishing, see What is phishing?)
- Tip 1: Check the Sender
- Tip 2: Only in RARE circumstances will HR send you a link directly via email
- Tip 3: Inspect - Hover (don't click) over the link
- Tip 4: Red Flag requests for Sensitive Info
- Tip 5: It's OK to ask
See also:
- What to do if my email is Spam/Phishing?
- I clicked on a link (or submitted personal info) via a spam/phishing email! What do I do?
TIP 1: Check The Sender
By double clicking the sender’s name in Outlook (see screenshots below), you can see who the person is. If this person does not work at KIPP NJ/Miami/TEAM and Family or clearly isn’t in a department that is related to that email, it is safe to assume that it’s a phishing email.
TIP 2: Only in RARE circumstances will HR, Tech or other departments send you a link directly via email
One of the goals of moving to ADP as our HRIS (Human Resources Information System) was to streamline document collection, information gathering, and information sharing.
Only in RARE circumstances will HR send you a link directly via email (as opposed to directing you to ADP) and when they do, the email will almost ALWAYS come from humanresources@kippnj.org.
Even IF you see an email from that address, it’s best to follow Tip 1 to confirm the sender. (Sometimes phishing emails can mask the “Display Name” - the name you double click in Tip 1.)
In addition, Technology, Data, T&L, etc. will also usually provide directives on how to update information on verified websites with instructions. They will rarely send you a link directly via email that will prompt you for your username and password.
TIP 3: Inspect - HOVER (don’t click) over the link
Hovering over links in emails will show you the path of the link. As you can see in the screenshot below, it is definitely not a message from the HR department.
Please ensure you hover (don’t click) otherwise you risk opening the link. Because of this, this tip should only be done on the computer (never on the phone).
Tip 4: Red Flag requests for Sensitive Info
Additionally, be immediately caution whenever anyone is asking for sensitive information. This includes your address, phone number, social security, login and password information, or anything that is unique to you.
Human Resources will almost always ask you to update your information through ADP and other teams (i.e. Data, Technology, T&L, etc) will usually provide directives on how to update information on verified websites with instructions.
If a link is provided asking you to update/enter information directly through a link/reply or in a location you do not immediately recognize, please follow Tip 5.
TIP 5: It’s OK to ask
If (1) the sender is unknown and/or (2) the content of the email is unexpected, it’s always OK to send a separate email to the appropriate department (and follow Tip 1 to ensure it’s going to an actual KIPP email address and not a random external account) and ask “Did you intend to send this to me?”.
Additionally, please reach out to your DSO or SL for more information if an e-mail is questionable.
Alternatively, feel free to submit a ticket to the Technology team at technology@kippnj.org to verify the email's validity.
Comments
0 comments
Article is closed for comments.