Cyber Alert: Large Digital Thefts Target Texas School Districts

We recently observed a wave of targeted cyber-attacks in which Texas school districts have been tricked into diverting large, unrecoverable payments for school construction to fraudulent accounts.

All members should be advised that criminals are actively targeting schools and districts by leveraging knowledge of public contracts and bids, which are published on public websites. Criminals use the information to impersonate real vendors sending e-mails that appear to be legitimate.

Take these precautions

Because such e-mails are difficult to differentiate, all members are advised to take the following precautions if you receive unprompted requests for information regarding payment history or account changes or updates: 

  • End the correspondence immediately and reach out to the vendor contact using an alternate method to verify the validity of the request. Do not reply to the same e-mail correspondence and do not rely on phone numbers or other contact information listed on the forms that attempt to provide new routing numbers.
  • Avoid wire transfer payments and direct deposits for short-term vendors—use paper checks
  • Verify all vendor payments and financial transactions prior to transmission, using the contact information provided on the vendor’s public website, or by calling a known vendor contact.
  • Pay careful attention to notifications of past due accounts, particularly if a payment has already been sent.
  • Verify that addresses on checks match the original address of the contractor.

These attacks are among the largest digital thefts involving school districts in recent years. Members should note that financial transparency requirements for districts (including public check registers) increase vulnerability to such attacks.

Members are encouraged to contact Special Risks and Resources Manager Devereaux Morkunas at for any cyber-related questions or concerns.

Privacy and Information Security Coverage

The Fund provides cybersecurity and data incident response coverage to all members of the Property and Liability programs.  Losses will only be covered if members work with Fund vendors on response and recovery.

If you believe your organization has fallen victim to this or a similar scam and need to report a claim, contact us immediately for assistance at 855.295.8344.