Cyber attacks can be of varying ranges of complexity. One of the more basic cyber attacks that is heavily employed is phishing. In a recent phishing attack upon Manatee County School District in Florida, the perpetrator was able to illicitly obtain financial information from almost 8000 employees.
According to officials, on January 26th a payroll employee received an email claiming to be the superintendent, which was requesting W-2’s for the 7,900 employees of the district. The payroll employee was fooled by the crafted email and relayed the documents to the sender. The email had been written in official school district letterhead, according to Deputy Superintendent, Ron Ciranna. The mistake was then not discovered until February 3rd.
What This Attack Means for the Employees
Unfortunately, the fact that these documents were sent means that the perpetrator of the attack now has the financial data and social security numbers of all of these employees. This not only puts them at potential risk for identity theft, but also gives the attacker the ability to file fraudulent tax returns for the individuals. In an attempt to mitigate any potential damage from this attack, the school district has partnered with All Clear ID, which is an identity theft firm that will monitor the employees to ensure that there is no identity theft.
Jeff Birnbach, of the cyber security firm The Sylint Group, said that this scam is hitting businesses and schools across the country. In a statement to News Channel 8, he also brings up the point of the security of emails. He says, “Email systems were never designed to have security on it. In fact, we tell people if you send something by email, it’s the same thing as sending something on a postcard.”
As a response to the data breach, the district has said that they are going to provide more training. Employees of the district have received training, as well as regular updates about phishing, but Ciranna said that this employee was fooled. It has not been stated whether this employee will face any consequences for the breach.
Preventing and Handling Phishing Campaigns
Phishing attacks are all too common in our highly technological society. One simple phishing scam that enters the inbox of the right employee can result in disastrous consequences. When it comes to cyber attacks, organizations need to be properly prepared, as well as take appropriate mitigation steps when there is a breach. Massive Alliance offers thorough anti-phishing solutions that can help to prevent these scams, as well as locate and eradicate the attackers if there has been a breach.