« Under New Leadership, FCC Quashes Report on E-rate Program's Success | Main | Online Charter Students in Ohio Perform Far Worse Than Peers, Study Finds »

Phishing Scam Targets School Employees' Information

By Michele Molnar. Cross-posted from the Marketplace K-12 blog.


The Internal Revenue Service has warned school business officials to beware of a phishing scam targeting schools' payroll or human resource departments, according to the Association of School Business Officials International.

The scam, which seeks employees' confidential information, has already victimized more than 20 school districts in more than a dozen states, according to EdTech Strategies, a consulting agency that has been tracking publicly reported instances.

At least one prominent ed-tech company, New York City-based Amplify, was also affected, according to a report in EdSurge.

The Association of School Business Officials alerted members to the scam in the notice on the organization's website. 

Besides schools, the scammers are targeting tribal organizations, nonprofits, and other employers, the association indicated in its announcement to members, quoting from the IRS notification.

Phishing scams are a form of fraudulent email communications with the goal of tricking recipients into revealing personal information. Last year, more than 55 companies fell victim to a similar scam during tax season, according to Info Security.

The IRS reports the scam relies on a phishing email "that uses a corporate officer's name to request employee Forms W-2 from company payroll or human resources departments," according to ASBO, which advised its members to "ensure all HR/payroll officials double check any executive-level or unusual requests for lists of Forms W-2 or Social Security numbers from their organization."

School administrators are no strangers to scams, which can have big financial and privacy implications for schools. Education Week recently reported on a series of ransomware cyberattacks in districts, in which administrators must decide whether to pay a ransom to have malware removed from their computer systems. And two years ago, I wrote about scammers targeting schools with bogus math textbook invoices. Musso said reports of fake invoices still arise, and are shared by his organization.

Even so, the W-2 phishing scam surprised him, John Musso, ASBO's executive director, said in an interview. 

"These scammers are getting so smart and so devious that it's hard to tell what they're going to come out with next," he said.

ASBO advised its members that they should forward W-2 scam emails to [email protected] with "W2 Scam" in the subject line.  The IRS alert is linked here.

This post has been updated with information on schools and companies that have been affected.

See also:

 for the latest news on ed-tech policies, practices, and trends.

Notice: We recently upgraded our comments. (Learn more here.) If you are logged in as a subscriber or registered user and already have a Display Name on edweek.org, you can post comments. If you do not already have a Display Name, please create one here.
Ground Rules for Posting
We encourage lively debate, but please be respectful of others. Profanity and personal attacks are prohibited. By commenting, you are agreeing to abide by our user agreement.
All comments are public.

Follow This Blog


Most Viewed on Education Week



Recent Comments