A phishing scam aimed at the Manor Independent School District (ISD) in Texas has pulled over $2.3 million (£1.76 million) from the school district’s accounts.
The fraudulent transactions, of which there were three in total, took place in November and December 2019, and were unfortunately not recognised until it was too late. The social engineers behind the attack have not yet been identified but the Manor Police Department and the Federal Bureau of Investigations (FBI) are investigating the incident.
“It was three separate transactions. Unfortunately they didn’t recognize the fact that the bank account information had been changed and they sent three separate transactions over the course of a month before it was recognized that it was a fraudulent bank account.”
Detective Anne Lopez – Manor Police Department
This is another unfortunate case of a successful social engineering attack within the education sector, of which there have been several throughout the latter half of 2019.
Press release announcing the attack and investigation. Image credit: Twitter
“Scams are unbiased, they reach anyone anywhere any time”
Detective Anne Lopez – Manor Police Department
In this case the school district simply parted with its cash, but it could have been much more sinister. Serving over 9,600 students ranging from elementary to high school level, this phishing attack could have compromised the personal information of these students, and in doing so, compromised their personal safety.
Although the sympathy and aid of the police department is with the school district, it is another example of how necessary Security Awareness Training is for all organisations.
Moving into 2020, malicious actors will target any industry that is likely to pay up. The reality is that any organisation without regular training and simulated phishing is likely to fall for these types of attacks as staff simply aren’t aware of how to spot a phishing email.
At Phishing Tackle, we believe that essential training and testing for your staff should not cost the earth. We even went as far as to create a completely free tool which reveals how many of your staff are susceptible to falling for a phishing attack. Check out our Free Click-Prone® Test and find out how you can reduce your cyber attack surface today.
While the authorities may be able to help the Manor School District in the end, there is no doubt that prevention is always better than cure. Don’t wait until your organisation takes its place on the long list of victims of preventable phishing attacks.
Take action now.