I was taught a valuable lesson this morning, one that I have extolled to pupils for several years.
Flashback to 2006 and a keen young(1) teacher obtains a 4-page website designed to mimic the log-in process for a popular high-street bank and ends with the message “Thank you for your details, we have now stolen all of your money”. The idea was, of course, to demonstrate to pupils the power and the nature of phishing. The data entered was not stored and I plonked it on one of the school servers in a sub-folder of a sub-folder where no-one would accidentally stumble across it.
Fast forward to late yesterday and the head receives a phone call from someone at said bank’s head office, concerned that the school is apparently hosting an illegal website designed to steal bank customers’ details for the purposes of committing fraud (as well as being in breach of the Copyright, Designs and Patents Act and the Data Protection Act).
Following some anxious moments for the Head, and the Head of Department (both of whom were concerned that the school webserver had apparently been accessed by nefarious characters) the story filtered down to my level and I had the unenviable task of ‘fessing up, lest the situation deteriorate even further.
As yet I’ve had no written warnings or men in bright yellow jackets and stab vests (or, indeed, dark suits and shades) come by for ‘a little chat’ but I’m nervously checking my shoulder regularly and I already have my escape plan organised.
If you don’t hear from me again, I’ll be hiding somewhere on the Spanish mainland.
(1) Well, artistic license perhaps, but I was younger then than I am now so that line stays.