Dive Brief:
- A dangerous new phishing scheme is targeting employee W-2 forms, and both school districts and colleges have already been targeted.
- The scam relies on spoofed emails supposedly sent from administrators or financial departments requesting sensitive information, including tax forms.
- Experts suggest accounting and HR teams remain vigilant and that IT departments alert staff about the issue. When accounting forms are sent electronically, they should be encrypted, and suspicious emails can also be forwarded to the IRS, which has set up a site explaining the scams in more detail.
Dive Insight:
As previously reported, education has fast become one of the most popular targets for hackers looking to invade networks, thanks to the number of devices on school networks and the sometimes haphazard patching and OS maintenance on those devices. Various outdated servers, which may still occasionally be used by staff, can offer convenient backdoors into the larger network.
In addition to phishing scams, schools have also been contending with a rise in DDoS, or distributed denial-of-service, attacks, which can cripple a network's internet access and are often initiated by students during crucial periods, such as high-stakes online testing. Ransomware attacks, in which district files are held hostage for payment, usually in untraceable bitcoin, leave districts with the choice of wiping servers and restarting from backups or paying ransoms that can approach $10,000.
All these attacks are preventable, say experts, provided IT teams remain proactive in protecting their networks and also educating staff on how to stay safe.