The phishing emails sent to the Manor, Texas Independent School District in November led to three separate transactions totalling $2.3 million, according to ZDNet.
The content of the emails and who made the payments is not yet known, but an employee discovered the scheme a month later, leading to the involvement of the FBI and the Manor Police Department.
“This is money taken away from the kids, and the school district’s funds, taxpayer money. Unfortunately, stuff like this happens all the time, it’s just usually not to this magnitude,” said Manor Police Sergeant Craig Struble.
“They could use a similar email from somebody you know and trust, they learn information that way, maybe change a word or two so you respond with information. It could be a domain.”
Manor ISD is hardly the first district to fall victim to cybercrime, although phishing scams are less common than other types of cyberattacks. In 2018, Crowley Independent School District near Dallas lost nearly $2 million as a result of an email phishing scam.
In April 2019, Scott County Schools in Georgetown, Ky., lost $3.7 million.
A report from the K-12 Cybersecurity Resource Center found there were 122 publicly disclosed cyberattacks at 119 K-12 public education institutions in 2018, averaging out to an attack every three days.
Of those attacks, 15.57% were phishing scams (approximately 20).
Below is a breakdown from the report of the types of cyberattacks schools experienced in 2018.
Report author Doug Levin maintains an interactive map of publicly disclosed K-12 cybersecurity incidents. Since 2016, there have been over 700 incidents, according to the map.
Levin estimates as many as 10 to 20 times more undisclosed breaches occurred in 2018 within the education sector.
In case you or your coworkers could use these reminders, here’s what the FTC says phishing emails or text messages may contain:
- They’ve noticed suspicious activity or log-in attempts
- Claim there’s a problem with your account or your payment information
- Say you must confirm personal information
- Include a fake invoice
- Ask you to click on a link to make a payment
- Say you’re eligible to register for a government refund
- Offer a coupon for free items
This phishing email scam story premiered on our sister site, Campus Safety.