Cyber Alert: Trends of Phishing Campaigns Targeting Texas Schools

We recently observed a wave of targeted phishing attacks in which multiple members have been tricked into diverting large, unrecoverable payments to fraudulent accounts owned by criminals. With transactions exceeding a half-million dollars per incident, attacks are increasing. In most cases, the much-needed district funds are unrecoverable.

These recent phishing attacks targeting our members exploited staffs’ lack of awareness of cyber-based scams and circumvented accounts payable processes. Criminals searched school websites and social media pages for public information, such as vendors, contracts, and bids. They then used the information to craft custom phishing emails, which impersonate or appear to come from legitimate vendors or third parties with whom districts conduct business.

Trends and examples 

Some of the red flags to look for in your inbox include:

  • Emails that contain fraudulent invoices or payment requests that appear to be from vendors, suppliers, officials, or other legitimate business contacts 
  • Emails that appear to come from faculty and staff and include either a request for work-related expense reimbursement or a forwarded email that appears to be from a legitimate vendor requesting payment
  • Payment authorization requests from fake or compromised* (hacked) staff email accounts following phone calls or electronic communications with direct questions about how to modify payroll information

*Note: In some cases, these requests are sent from real email accounts that are under the attackers’ control. When the recipient replies to or uses contact information from within the email’s signature to verify the request, the victim is only verifying with the attacker.

Responding to suspicious emails and requests

We advise members to carefully assess correspondence related to financial transactions and take measures to strengthen internal controls and reduce risk from these attacks.

Proactive measures to reduce cyber risk

There are steps you can take to help reduce risk and prevent falling victim to these phishing attacks:

  • Use staff as a first line of defense. Share this alert with staff and teach them how to report suspected phishing attempts to your IT or information security team. 
  • Exercise extreme caution with financial requests. Strengthen internal controls and processes to prevent compromise and loss from fraudulent requests. 
  • Block malicious entities. Work with your IT department to block traffic or inbound correspondence from our list of malicious entities. Implement an email protection solution to control all aspects of outbound and inbound email. This will help you proactively detect and block threats, preventing school funds and confidential information from getting into the wrong hands. 
  • Share information about cyberthreats to help other schools. Forward samples of phishing emails and information about cyberattacks to Special Risks and Resources Manager Devereaux Morkunas at Working together, we can stay up-to-date on cyberattack trends and proactively protect district funds.

Privacy and Information Security Coverage

The Fund provides cybersecurity and data incident response services to all members of the Property and Liability programs. Losses will only be covered if members work with Fund vendors on response and recovery.

If you believe your organization has fallen victim to this or a similar scam and need to report a claim, contact us immediately for assistance at 855.295.8344.