Can Our Students get Hooked by Pfishing?

Do our students know these pfishing tricks?

There is so much more to digital citizenship than just how we treat each other during online interactions.  We also need to be able to determine what is real, what is valid and what is meaningful online.  And that gets tougher all the time.  After all, it’s pretty easy to make fakes look fairly realistic.

kim tweet

(That Tweet is totally, 100% legit)

Take a look at this email I received yesterday:


This is how it appeared on my phone.  And as a prolific iTunes customer, it got my attention.  The email stated that I needed to update my account information or “because of new terms”, my account could be deleted.  Totally makes you wanna check it out, right?

Thankfully, I clicked on the “From: Apple Support” to check the email address of the sender.  And THIS is what it was.


Hmm.  Apple Corporation is using a hotmail email account?   Sure they are.

When I get valid emails from iTunes, like receipts, the sender’s email address looks like THIS:


There’s the clue:   the address ends with

Would our students have clicked on that initial email?  Jason Rincker of Stronghold Data tells me that these emails typically contain ransomware – a type of virus that will collect data from your hardware and then attempt to extort funds to return the data.  Or, they could be annoying viruses.  Either way, it’s trouble.

How can we teach students to take this extra step and check?

Here’s another email I received yesterday.  Clearly, my contact Chris Miller’s computer had been infected with some sort of virus.  Take a look at how clever this is –


chris miller

It’s got his email signature!  But take a closer look at the sender’s address:  it’s chrls.miller – NOT CHRIS. And his actual email address at the end of his signature is chris.miller

The reason this seemed fishy to me is that I don’t typically hear from Chris.  And the email ASKED me to click on a link.

Do our students know to be wary of these types of emails?

Yesterday, Jason shared the following image with Mehlville School District.  He cloned their website and wanted them to see the difference in the URLs.  Do we know to hover our mouse over a link before we click so that we can evaluate the URL for authenticity?

mehlville clone

The websites have been cloned – they are identical.  But look at the URLs.  One is mehl and the other is becca


What are some ways we can teach our students to protect themselves from these phishing expeditions? 


Leave a Reply

Your email address will not be published. Required fields are marked *