Tech Tips

  • Return to work: Technology Considerations

    Posted by Juancho Forlanda on 4/23/2021 11:00:00 AM

    As you return and find yourself back at the office (after one year of remote or distance work), you may find technoology in your office or classroom like you would after coming back from the summer break.  With that, please take note of these suggestions to help you transition back as smooth as possible.

    • 🆘 Technical SupportCall technical support if you need tech help

    Technical Support is always available via our online helpdesk system at https://helpdek.stocktonusd.net, or by phone at ext. 4357 (spells H-E-L-P) (209-933-7090 then pres 1 if calling outside the SUSD phone system)

    • 💻 Windows UpdatesRestart your computer before leaving for home daily until caught up with udpates

    If you've been remote and have not been on the District network, your computer is overdue some updates.  This computer could be a laptop you took home or a desktop computer that has been OFF for the past year.  You will get prompted for updates.  The best approach to this is to restart your computer just before you leave for home.  Doing this will ensure the update processes are completed on the shutdown and start up sequences.  Depending on how far behind your computer is on updates, it will probably take a couple or more restarts before your computer is caught up on updates. IMPORTANT:  if you don't do the restart before you leave for home and decide to do it during work hours, expect to wait 1 or more hours before the update process completes.

    • 📶 WIFIAccept connection to SUSD-Secure

    While you all were out working remotely, early last we updated the security of our WIFI network.  You may find that you are being prompted by your laptop computer to connect to SUSD-SCURE.  When you do, simply select connect and accept it, and it will connect to SUSD-SECURE from this point forward with no additional prompts.  WiFi-Cb continues to be the wireless network used by our students Chromebooks, and SUSD-Guest continues to be our OPEN WIFI, perfect or visitors.

    • ☎ PhonesConnect your phone

    If your phone shows no sign of being powered, more than likely it has been disconnected.  This YouTube video gives you an idea of how to reconnect it.  If this doesn't help, make sure to reach out to HelpDesk.

    • 🖨 PrintersConnect your printers

    It is also possible your printer has been disconnected.  If it has been and you are able to track down the cable and the network drop where it belongs, feel free to reconnect it.  If problem persists, feel free to contact Helpdesk.

    • 🎤 Classroom TechConnect your classroom tech

    As a teacher, you will find technology in your classroom to help with hybrid instruction.  If you connect your laptop to this technology, and it isn't working as expected, make sure to contact Helpdesk.  If the classroom technology is operational, but you need help on how to apply it to your hybrid instruction, please contact the Instructional Tech team via PDCsupport@stocktonusd.org.  Note that the Curriculum Dept. has scheduled many PD sessions to help teachers with this.  Please keep your eyes open for emails on that matter from the Curriculum team.  IMPORTANT:  If you think a classroom was missed or there are missing items, please let your administrator know.

    Comments (-1)
  • Examples of Phishing/Scam Emails in the District

    Posted by Juancho Forlanda on 2/4/2019

    Lately we've seen email scams designed to steal your login credentials or just simply steal money from you.  Below are real examples we've seen reported.  It should help you discern the bad from the good.

    The one below is an email that makes it look like someone has taken over your account because the email looks like it came from your own account.  It is trying to scare you into paying some money through bitcoin.

    fake security notice

     

    The one below is an email spoof from an external email source, sending an email out on behalf of the Superintendent.  The email claims there is an attachement you must open.  And in that attachment, there is a link that will take you to what looks like a login prompt.  

    spoofed email from sup

    Comments (-1)
  • 2018 Phone Quick Start Guide

    Posted by Juancho Forlanda on 10/15/2018

    You may have already received your new phone, but it didn't come with a manual.  Fortunately, it is available and you can get it here:

    Please review it so that you have a good understanding of how to quickly take advantage of the features your phone has.  If you have any questions about it, please don't hesitate to contact our helpdesk online via https://helpdesk.stocktonusd.net/ or call ext. 4357 (H-E-L-P).

    Comments (-1)
  • How to Reset Your District Password

    Posted by Juancho Forlanda on 10/9/2018

    If you ever forget your password and can't login, you'l need to either contact helpdesk or reset the password yourself.  This video explains how to do it, and it assumes you've registered for the password reset service (see this video).

    Comments (-1)
  • How to Register for Self-help Password Reset Service

    Posted by Juancho Forlanda on 10/9/2018

    If you want the ability to reset your password, you'll want to register for the self-help password reset service.  This video shows you how to do it.  Once you have registered for this service, you will be able to reset your password even if you don't recall your original password by answer a couple of security questions that only you know the answer to.

    Comments (-1)
  • How to Change Your District Password

    Posted by Juancho Forlanda on 10/9/2018

    Occasionally you find the need to change your password.  One scenario where this becomes necessary is if your account has been compromised--say through some phishing emails.  What this video.  It shows you how to change your password.

    Comments (-1)
  • How to Detect Phishing Emails

    Posted by Juancho Forlanda on 9/17/2018

    No Phishing Phishing emails have become very common in todays online world.  Since email is still a very common means of communication and collaboration for businesses--both private and public sectors alike--it remains a very viable means to hack people's accounts.  What is phishing?  Phishing is a play on words because it is a way to "hook" a victim into divulging their online account--be it their email, bank, social media, or online cloud account (like Google for Business or Office 365 from Microsoft).

    Whether you've been a victim of email phishing or not, you'll want to pay attention to this article.  Phishing technics have advanced in a way that it is almost a no contest between the hacker and the victim.  That's because it really has become difficult to discern a good email from bad.  Even if the email is from a legitimate source, there is no guarantee it is legitimate.

    With such disheartening revealation, one must think that it is almost futile to resist phishing.  However, if you read this article, you will learn enough to avoid most phishing attempts.

    Common and Easy to Spot Phishing Emails

    This section describes the most common attributes of your "run-of-the-mill" phishing emails.  The easiest phishing emails to spot are those with the following attributes:

    • From/Reply To email inconsistent:  The source email is not from someone you know or is from some a domain that doesn't match the purported email domain it claims to belong.  For example, staff receive emails from a source who claims to be from the IT department.  Our domain is stocktonusd.net, and as such we would expect the email source (REPLY TO or FROM field) to say something like support@stocktonusd.net.  However, upon close examination of the source email address, it shows it to be coming from another email domain--e.g. helpdesk@someDistrict.co.ru.
    • Many Typographical errors:  The email has many typographical errors--meaning that the email author may probably from a foreign country whose primary language isn't English.
    • Suspicious Link or attachment:  The email has a suspicious link (i.e. hover over it and the domain of the URL isn't consistent with the domain name it purports to be (e.g. the email claims to come from comcast.com, but the link goes to corncast.com.  If you don't pay attention, both domains look the same, but upon close inspection the second domain name is really spelled differently from the first--specifically the first says "c o m c a s t . c o m, while the second says "c o r n c a s t . c o m".  Also it is possible that the email has an attachment that is infected or has a benign attachment with a link, that when clicked will take you to a phishing site where the actual phishing occurs.

    In most cases, the phishing happens when you click a link and enter your login credential.  At this point, your account is breached.  If your account is breached, change your password right away, and report the incident to the IS or IT  Department.

    Latest Phishing Trends

    The previous type of phishing emails are the easiest to spot.  However, the latest trends in phishing makes detecting them tougher.  That's because the latest phishing emails are coming from legitimate email sources like people you know whose accounts have been hacked.  How can you tell if what you received from a legitimate source is a phishing email?

    By its very nature, the Internet and the email protocols were designed to be open for ease of information exchange.  This makes it very insecure.  So in general, you can't trust anything you get in email because it can literally come from anyone.  The only way you can truly be aware of who you are getting emails from is through the use of public key infrastructure (PKI) which allows users to digitally sign their emails to prove their identity and also prove the integrity of their email content.  This is achieved through the exchange of cryptographic keys which allows both sides to secure their emails.  This is beyond the scope of this article, but needed to be mentioned for completeness.

    That said, if you receive an email from a known source, and you aren't expecting it, and the email wants you to click a link or open an attachment, you can:

    • If there is a link:  Hover your cursor over the link to see if the link looks "legit".  If you aren't sure, copy the link and submit it to virustotal.com for analysis.  That site can take URLs for analysis, and using many rules tell you if it is suspicious or dangerous.
    • If there is an attachment:  Don't open the attachment.  Instead download it and submit the file to virustotal.com for analysis.  
    • Contact the source by phone to confirm.  The best option is to contact the source by text of phone to verify if it is legitimate.  It is also possible to contact them by email to confirm, but it is more timely to contact them by phone.

    Here's a typical flow of a successful phishing attempt resulting from a hacked source account:

    1. Email comes in from a colleague stating that the colleague has shared a document and you need to click the link to get to the document. 
    2. After clicking the link you end up on another site with another link taking you to the actual phishing site which looks like Google Docs, Microsoft Office 365, or even DocuSign.
    3. You click the link thinking that the you'll get to see the document.  Instead you are asked to enter your login credentials to access the file.
    4. You enter you login name and password, but then the page says that your account or password was incorrect.
    5. You email the source and ask them that you couldn't open the shared document.
    6. The source replies with "my account has been hacked; please quarantine my emails."

    You can see above how easy it is for a hacker to acquire your account information.

    Below is an actual phishing email from a hacked source.  Source email has been blurred out for privacy reasons.

    email from hacked source

     

     

    The next image shows what happened after the Open Document link was clicked.

    The Phishing Link

    The image above is designed to make you think that you are on an official Office 365 sharing site.  When in fact, you have openned a PDF document containing the phishing link.  You can see the phishing URL by hovering the mouse cursor over the link and looking at the bottom left corner for the actual URL.

    You're a Victim... Now What?

    If you are a SUSD staff member and you believe you're a phishing scam victim, take these actions immediately:

    1. Change your computer password
    2. Forward the suspected phishing email to abuse@stocktonusd.net
    3. Report the incident to the helpdesk at https://helpdesk.stocktonusd.net or call ext. 4357.

    The Take Away

    Currently, there are no technology that can protect us 100% from the perils of email phishing.  It all comes down to us, the users, as the last line of defense.  Pay attention to the tips above, and you can save yourself a ton of headaches from the effects of a phishing breach.  If for any reason you become a victim, please take action as noted in the previous section.

     

    Comments (-1)
  • Key Tech Tips for 2018-19

    Posted by Juancho Forlanda on 8/2/2018

    Phishing & Scam Emails 

    Lately, the district has been on the receiving end of some sophisticated phishing or scam emails.  If you are unsure or suspicious about an email you received:

    • Do forward it to abuse@stocktonusd.net.
    • Don't open any attachments
    • Don't click any links

    If you were not able to do the above, and believe your computer has been compromised, turn off your computer and contact helpdesk.

    Data Privacy & Security

    As a school district employee, your position may require you to handle various types of information to include FERPA/HIPAA protected data, PII (personally identifiable information), or any confidential information that are not for general public consumption.  As such, it is imperative that you exercise great caution when handling such information.  Some precautionary/preventative measures include:

    • Use Trusted & Secured Communications.  Use the official email system based on the stocktonusd.net email address, and when you need to send protected information to an authorized 3rd party, use secured means to send such data.  If you're not sure how to do that, don't hesitate to contact helpdesk.
    • Always Lock Your Computer.  Before you leave your computer unattended for any reason, press the Windows key simultaneously with the L key.  This will lock your computer--meaning that you will have to login in order to get back to your desktop. 

    Office 365:  Five (5) Free Licenses for Home Use

    Did you know that as an employee or student of SUSD, you have access to 5 licenses of Office 365 for personal/home use?  These 5 licenses can be installed on your smartphone, tablet, or home computer.  To access your licenses, simply visit https://portal.office.com/ and login with your SUSD email and password.  From there you will see a link to "Install Office apps".  If you have any questions about this, don't hesitate to ask.

    Comments (-1)
  • How to Use the Boardroom Presentation Technology

    Posted by Juancho Forlanda on 12/27/2017 3:00:00 PM

    This video will show you how to use the presentation/display technology in the boardroom at the District Office.

    Boardroom Presentation Tech Training

    Comments (-1)
  • Synergy Desk Reference

    Posted by Juancho Forlanda on 8/4/2017

    If you use Synergy, this Synergy Handbook (if prompted to login, use your SUSD email address and password) should come in handy.

    If you have any questions about it or are in need of technical support with Synergy, don't hesitate to contact helpdesk at http://helpdesk/ or call ext. 4357.

    Comments (-1)