texas school

Texas School District May Lose $2.3 Million In Phishing Cyber Attack

The scam, which took place in November, is being investigated by the FBI and local authorities.

A Texas school district was victim to an email phishing scam which might cost the district a loss of $2.3 million, leading to a FBI investigation of what happened to cause the breach.

Three separate fraudulent transactions took place in November before being discovered by a district employee in December, according to CBS Austin. Manor ISD serves over 8,000 students in the small city of 11,000 about 15 miles outside of Austin.

"Scams are unbiased,” Detective Anne Lopez of the Manor Police Department told the news outlet. “They reach anyone, anywhere, any time.”

The size of the scam is rare among school districts, Lopez said. The police department has not described how the attack took place or if the district has any way to get its money back, and the school district said it has released all the information it can at this point.

Investigators said they have “strong leads” in their attempts to figure out who is responsible for the breach, according to CBS Austin.

"Manor ISD appreciates the Manor Police Department working together to communicate this to our community," the school district said in a statement.

Phishing scams can come in a variety of different forms, including clicking malicious links that allow hackers to get into a network. Other scams will convince the email recipient that they are sending confidential information to their boss or another trusted source when they are sending it to a fake email address.

“These emails frequently use urgent-sounding language to startle users into following through on their directive, often related to resolving a ‘problem’ with an account,” Jessica Davis, a former Security Today associate editor, wrote in 2018. “Deceptive phishing emails not only spoof legitimate companies to target users, they often direct the victim to resolve the imaginary account issue by clicking through and logging into a matching spoofed website, allowing the phisher to collect their personal information and account login information.”

A 2019 study by Proofpoint found that American workers still struggle to identify phishing attacks, often due to a general lack of awareness of the threat.

“Cyber criminals continue to focus on people, structuring attacks to take advantage of users who are unaware and unprepared,” the report reads.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.