KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails

The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is therefore no surprise that scammers have taken advantage and have been sending fake active shooter alerts via email to schools and colleges.

KnowBe4 has recently identified one such scam that was used to target a community college in Florida. Several subject lines were included in the emails along the same theme: There is currently an active shooter on campus.

Variants of the scam detected by KnowBe4 include the subject lines: “IT Desk: Security Concern on Campus Earlier”, “IT Desk: Campus Emergency Scare”, and “IT Desk: Security Alert Reported on Campus”.

The aim of the emails is clear. To attract a panicked click, which directs the user to a website where they are asked to enter in their Microsoft account credentials.

This type of scam could easily be used against other educational institutions, healthcare organizations, government agencies or even businesses.

This phishing attack is particularly heinous and shows that no topic is too sensitive to be used by scammers to steal data, credentials, or deliver malware or ransomware.

KnowBe4 warns all organizations that even though an email may contain urgent information that requires an immediate response, it is still important for end users to stop and think before acting.

Email recipients should take a minute to check the email for any signs that the message is not genuine or to verify the alert via telephone – but not using any contact information included in the message body.

While this type of email scam is perhaps more likely than most to fool employees into responding, KnowBe4 strongly recommends that such a scam not be included in phishing simulation exercises. KnowBe4 notes this type of phishing test would likely carry “a high runaway risk,” and could be reported to law enforcement and other authorities or the media which could cause potential escalation, downtime, and possible harm.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of