Skip To Content

Cybersecurity Alert: Criminals Hack District Email Accounts

News Update

Several school districts across Texas recently experienced a cyberattack launched by malicious actors using a compromised email account. The email, which appears to come from an internal district account, mentions severe weather and an opinion poll. Users are directed to a Google document where they are encouraged to input their personal credentials.

Sharp-eyed users will notice the bad grammar and strange formatting in the email text. Keep in mind that hackers might modify the email text in response to public alerts like this one. Encourage employees to always look for these kinds of mistakes, as they are often indicators of a cyberattack.

Upon arriving at the Google document, users are told that authentication is required, and they must input their email address and password. It isn’t specified that the password be their current network password, but hackers are optimistic that some users who see the words “Microsoft School Account” will input their personal credentials.

Screenshot of phishing email


Red Flags

As more districts move to cloud-based service offerings like Microsoft Office 365 and Google for their collaboration and document sharing solutions, opportunistic attacks like this one are increasing. Making sure that any links you click or documents you open come from trusted emails is the first step to preventing your district from becoming a victim. That said, sometimes actual trusted email accounts are compromised.

It’s up to each employee to look for red flags such as:

  • Inconsistencies
  • Misspellings
  • Bad grammar
  • Bizarre formatting
  • Strange or illogical requests for information or action

If you are concerned you may have fallen for this or a similar scam, immediately notify your district’s IT team or managed security service provider. If you have Cybersecurity coverage with the Fund and need to file a claim, call us at 800-482-7276 or report a claim online. If you have other cybersecurity concerns, contact TASB Privacy and Cyber Risk Consultant Lucas Anderson at 512-505-2893 or lucas.anderson@tasb.org

Lucas Anderson headshot
Lucas Anderson
Privacy and Cyber Risk Consultant

Lucas Anderson joined TASB Risk Management Services in 2019, bringing more than a decade of experience in cybersecurity, network administration, and information technology. He advises districts on preemptive mitigation against ongoing and emerging cybercriminal threats targeting the education sector, as well as cybersecurity-related regulatory compliance. 

Over his career, Anderson has supported public and private organizations, including Booz Allen Hamilton, the White House Office of Management and Budget, the Department of Defense, and the Texas Association of Counties.