Categories SecurityTech News

Phishing attack nets $2.3 million from Texas school district

The biggest issue with phishing attacks is that it only takes one uninformed individual to bring an organization to its knees. It is this reality that a school district in Texas is dealing with after discovering a phishing attack left them short of roughly $2.3 million. As local ABC affiliate KVUE states in their report, the phishing scam affects the Manor Independent School District, which serves 8,000 students from kindergarten to 12th grade. The phishing attack began in November and continued well into December before the school district noticed anything wrong. This is just the latest in a flood of phishing attacks hitting schools, cities, and agencies.

Once it was obvious that they were dealing with a massive incident; the school district involved local law enforcement and the FBI. Speaking to KVUE Anne Lopez, a detective for the Manor Police Department, stated that the investigation has strong leads on the culprits. Lopez also stated the following on the specific nature of the attack, which targeted multiple individuals with one actually giving in to the scam:

It was three separate transactions. Unfortunately they didn’t recognize the fact that the bank account information had been changed and they sent three separate transactions over the course of a month before it was recognized that it was fraudulent bank account.

With the investigators not giving much information to the press besides what is in KVUE, it can be difficult to ascertain the exact attack that took place. Some cybersecurity analysts are making educated guesses, however, as to what the likely style of phishing attack is responsible. One such cybersecurity professional is Armen Najarian, who holds the position of chief identity officer with Agari, a company that specializes in phishing attacks. Speaking with Threatpost’s Lindsey O’ Donnell, Najarian stated that, based on the available evidence, it is likely that a vendor email compromise (VEC) is responsible for Manor’s woes.

In this type of attack, according to Najarian, there is “a hybrid of credential phishing and identity deception that results in extremely realistic-looking phishing emails that target a vendor’s or supplier’s customers.” Even so, for this type of attack to go unnoticed for so long to point that millions were lost, quite frankly, is inexcusable. The criminals are at primary fault of course, but organizations should look at this incident as a warning to educate their employees on phishing scam recognition.

Even the best phishing scams have “tells” that should tip-off an informed individual.

Featured image: Freepik / Designed by katemangostar

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Azure DevOps Wiki: Manage your project documentation and collaboration

Not being able to find project documentation is way too common. Use Azure DevOps’ built-in…

23 hours ago

Samsung Unpacked 2020: Galaxy S20, Galaxy Z Flip, and more

Samsung is again the first major company to roll out new smartphones in the new…

1 day ago

PhotoSquared data leak exposes users’ photos, information

PhotoSquared has experienced a data leak, mainly because the popular U.S.-based photo app failed to…

1 day ago

Moving data from an Azure VM to Storage Account with AzCopy

Here’s an elegant and modern way to move data from your Azure virtual machine to…

2 days ago

A lot not to like: Analysis of recent Facebook data breach

The effects of the recent Facebook data breach are still being felt. In this new…

2 days ago

Exchange 2019: Building an environment from scratch

Are you finally ready to take the plunge into Exchange 2019? If you are building…

2 days ago