Discussions

Many of you may get an email - see screenshot - that looks like some phishing test from KnowBe4 or the like. The email has language that reads like a phishing email and warns of getting locked out of your account...

As we are a school that used KnowBe4 and did not want to fall for a trick, I did a quick Google search and found several posts stating that the email is legitimate. When I went to my page, there was a call to action banner at the top to address the issue and a set-up wizard to walk you through the process (step-by-step included in the previous link).

The process walks you through a few screens, but in the end, it will require that you have MFA/2FA enabled to protect your account. As I have spoken about many times, enabling MFA/2FA is part of the baseline that everyone should be doing for their accounts when they set them up or once they know that it is available or hasn't been enabled (like me with my Facebook account).

While this is important to know from a cyber security standpoint and how to answer questions from our faculty, staff, and students, it is also vital that those who have access to our school's official Facebook Pages address this. You would be well served to check any Facebook Page you have associated with the school and see who the admins and editors are and confirm with them that they have MFA/2FA enabled for their account whether they received this email or not.
#CybersafetyandDataSecurity

------------------------------
William Stites
Director of Technology
Montclair Kimberley Academy
------------------------------

Wow. I would absolutely not have believed that was legitimate, but that's a great reminder! 

Matt

------------------------------
Matthew Norko
Director of Technology
Foxcroft School
------------------------------

Original Message:
Sent: 03-16-2022 09:01 AM
From: William Stites
Subject: Facebook Protect Email is Legit... MFA Required

Many of you may get an email - see screenshot - that looks like some phishing test from KnowBe4 or the like. The email has language that reads like a phishing email and warns of getting locked out of your account...

"Your account has the potential to reach a lot more people than an average Facebook user. Hackers are often motivated to attack accounts that have a lot of followers, run important Pages, or hold some community significance."

As we are a school that used KnowBe4 and did not want to fall for a trick, I did a quick Google search and found several posts stating that the email is legitimate. When I went to my page, there was a call to action banner at the top to address the issue and a set-up wizard to walk you through the process (step-by-step included in the previous link).

The process walks you through a few screens, but in the end, it will require that you have MFA/2FA enabled to protect your account. As I have spoken about many times, enabling MFA/2FA is part of the baseline that everyone should be doing for their accounts when they set them up or once they know that it is available or hasn't been enabled (like me with my Facebook account).

While this is important to know from a cyber security standpoint and how to answer questions from our faculty, staff, and students, it is also vital that those who have access to our school's official Facebook Pages address this. You would be well served to check any Facebook Page you have associated with the school and see who the admins and editors are and confirm with them that they have MFA/2FA enabled for their account whether they received this email or not.
#CybersafetyandDataSecurity

------------------------------
William Stites
Director of Technology
Montclair Kimberley Academy
------------------------------

Thanks for the tip and doing the background to validate the call to action from Facebook.

------------------------------
Susan Murray
Oak Hill Academy
------------------------------

Original Message:
Sent: 03-16-2022 09:01 AM
From: William Stites
Subject: Facebook Protect Email is Legit... MFA Required

Many of you may get an email - see screenshot - that looks like some phishing test from KnowBe4 or the like. The email has language that reads like a phishing email and warns of getting locked out of your account...

"Your account has the potential to reach a lot more people than an average Facebook user. Hackers are often motivated to attack accounts that have a lot of followers, run important Pages, or hold some community significance."

As we are a school that used KnowBe4 and did not want to fall for a trick, I did a quick Google search and found several posts stating that the email is legitimate. When I went to my page, there was a call to action banner at the top to address the issue and a set-up wizard to walk you through the process (step-by-step included in the previous link).

The process walks you through a few screens, but in the end, it will require that you have MFA/2FA enabled to protect your account. As I have spoken about many times, enabling MFA/2FA is part of the baseline that everyone should be doing for their accounts when they set them up or once they know that it is available or hasn't been enabled (like me with my Facebook account).

While this is important to know from a cyber security standpoint and how to answer questions from our faculty, staff, and students, it is also vital that those who have access to our school's official Facebook Pages address this. You would be well served to check any Facebook Page you have associated with the school and see who the admins and editors are and confirm with them that they have MFA/2FA enabled for their account whether they received this email or not.
#CybersafetyandDataSecurity

------------------------------
William Stites
Director of Technology
Montclair Kimberley Academy
------------------------------