School district alert for phishing email attack

Jan 24, 2017

During the week of January 9, 2017, malicious hackers conducted phishing attacks from multiple school district employees' email accounts.

What happened?

Hackers gained unauthorized access to work-related email accounts belonging to employees of multiple school districts, presumably by having the login name and password of the email account.

The hackers used the employees' email accounts to send phishing emails to people with whom the employee had previous email contact. The message included instructions to click on a link to open a website. The website directs the email recipient to enter account credentials (email address / user name / password / phone number).

The hackers are also monitoring the victims' email accounts and are responding to replies from recipients of the phishing email confirming the original request to click on the website link. In some cases, the hackers used the employees' email signature to make the message appear more authentic.

Recommendations

Be suspicious of emails that ask you to click on a link or open an email attachment, even if you know the sender and especially if you were not expecting an email from the sender.

If it looks suspicious and the message directs you to click on a link or open an attachment, call the sender to determine if the message is valid. If the email message is not valid, consider these options: Do not respond to the email with a reply email; notify your IT department or follow any existing policy and procedures; delete the email from your Inbox and then delete it from your Deleted Items folder.

If you receive an email and click on the link, and then believe it to be suspicious, it is recommended to close the browser window immediately and delete the email as instructed above. As a recommended precaution, immediately change your password and notify your IT department.

To reduce the risk of compromise, consider using multi-factor or two-step verification to protect your account.