Did Students Take the Bait in BPS’s Phishing Emails?



Students learn about cybersecurity after receiving fake phishing emails.

Accomplished through a series of scam emails sent out to Boston Public School students, an October experiment was conducted by BPSTechnology for Cybersecurity Month to raise awareness about the dangers of phishing.

Phishing, the fraudulent practice of sending emails to induce individuals into revealing personal information, is increasingly common in today’s society.

Various types of simulated phishing emails were sent out to students by BPSTechnology. One of them was from “The Google Team,” which contained a link to reset their passwords in order to maintain access to their account. The others were links to find TikTok stalkers or how to increase one’s following count.

Ava Vu (IV), a Boston Latin School student who received the former email, says, “[I] thought it was weird, because BLS would send an email themselves, not BPS, if my password needed to be changed.”

The emails contained deliberate signs of phishing. There were spelling errors in the body text, such as “lidderly” instead of “literally,” as well as a lack of punctuation. Some were sent from email addresses that had names with double meanings, such as Bea Keirfel (be careful) or J.P.Hishme (phish me). These obvious signs made it apparent to multiple students that this was, in fact, a scam.

Vu had the same reaction to these emails as many other BLS students. Zoe Colimon (III) says, “There’s no reason my passwords would be resetting like that. Anyways, I knew it was a scam because I’ve gotten calls like that before.”

Students who clicked on the links in the email were led to an educational site with information about phishing, explaining the risks and how to avoid phishing.

According to the results released, most students did not fall for this trap. Out of 9,057 emails sent, 74.1 percent of students did not read the email, 23.3 percent clicked on it but did not open the phishing link, and 2.7 percent opened the email and link. Older students were less likely to click on the link than younger students. The full results for this experiment can be seen on BPSTechnology’s website under “Awareness Campaign Results.”

Regarding alternative ways to teach students about phishing, BLS Director of Technology Mr. Patrick Hourigan says, “Some schools are able to fit ‘technological literacy’ into their curriculum as a standalone class, but we don’t have that kind of flexibility in our schedule.”

Above all, the results of the phishing experiment demonstrate that students in this age are becoming increasingly aware of potentially dangerous communications. Mr. Hourigan adds, “[Students are] appropriately skeptical of emails that are suspicious.”