Phishing Scam Targets School Employees' Information
By Michele Molnar. Cross-posted from the Marketplace K-12 blog.
The Internal Revenue Service has warned school business officials to beware of a phishing scam targeting schools' payroll or human resource departments, according to the Association of School Business Officials International.
The scam, which seeks employees' confidential information, has already victimized more than 20 school districts in more than a dozen states, according to EdTech Strategies, a consulting agency that has been tracking publicly reported instances.
At least one prominent ed-tech company, New York City-based Amplify, was also affected, according to a report in EdSurge.
The Association of School Business Officials alerted members to the scam in a notice on the organization's website.
Besides schools, the scammers are targeting tribal organizations, nonprofits, and other employers, the association indicated in its announcement to members, quoting from the IRS notification.
Phishing scams are fraudulent email communications intended to trick recipients into revealing personal information. Last year, more than 55 companies fell victim to a similar scam during tax season, according to Info Security.
The IRS reports the scam relies on a phishing email "that uses a corporate officer's name to request employee Forms W-2 from company payroll or human resources departments," according to ASBO, which advised its members to "ensure all HR/payroll officials double check any executive-level or unusual requests for lists of Forms W-2 or Social Security numbers from their organization."
School administrators are no strangers to scams, which can have big financial and privacy implications for schools. Education Week recently reported on a series of ransomware cyberattacks in districts, in which administrators must decide whether to pay a ransom to have malware removed from their computer systems. And two years ago, I wrote about scammers targeting schools with bogus math textbook invoices. John Musso, ASBO's executive director, said reports of fake invoices still arise, and are shared by his organization.
Even so, the W-2 phishing scam surprised him, Musso said in an interview.
"These scammers are getting so smart and so devious that it's hard to tell what they're going to come out with next," he said.
This post has been updated with information on schools and companies that have been affected.