Known Malicious Entities Targeting School Districts

Collaborating with our members, we compiled a list of malicious entities, including domains, accounts, addresses, and other indicators associated with recent phishing attacks. We encourage districts to share this list with IT or information security staff. They can block traffic or inbound correspondence attempts from malicious entities and reduce the likelihood of compromise. Because attacks are increasing and constantly evolving, we will update this list as we have new information.

Domains and email accounts 

  • Specialtyschoolsupplies@gmail.com 
  • deeanns@wrl-gc.org 
  • Office365Alerts@xbox.com 
  • @tasbs.org@alagaria.com.ga

Fraudulent phone numbers

  • 972.809.2971 
  • 961.213.5689 
  • 961.213.9541 
  • 961.213.6816

Other fraudulent accounts

WhatsApp account purporting to belong to the Fund TASBRMF@tasbrmf.org

Malicious IP addresses 

Districts are encouraged to block inbound contact from all overseas IP addresses. 

Social Engineering Pretexts 

  • Calls purporting to sell sponsorships or request financial donations on behalf of school districts
  • Fraudsters targeting districts with ongoing construction to solicit fraudulent payments
  • Requests to reconfirm your account password

Email subject lines 

  • Document scanned from a Xerox Multifunction Device 

  • Syncing error (d) message failed to deliver 
  • Help us protect you: Please confirm account to continue  
  • You have 3 incoming files associated with your (email address) 
  • Partnership agreement proposal from Michael Lettius