A phishing scam that led to a cyberattack on Employee Online was an extremely close call. This is an urgent reminder that all of us must be vigilant; not just when surfing the web or using social media, but even when using email.
It only takes one person and one click to put all of us at risk for identity theft.
The attempt to take over employee accounts last Wednesday originated in Germany. The hacker sent emails to random Highline staff from a list likely purchased off the dark web. The yellow caution bar at the top of the message and the sender’s address (not ending in highlineschools.org) should have alerted recipients that this was not from inside our school district.
Nonetheless, one staff member was fooled by seeing “Highline Public Schools” in the from line and responded. This enabled the hacker to create a highlineschools.org address and send emails to around 2,000 HPS accounts with what looked like a legit internal email (no caution bar) and a link to a fake Employee Online website.
The fake website, based in Australia, collected login credentials from over 300 employees.
This phish was not a random attack. It had been researched and planned.
Our Technology Services team swung into action as soon as the scam was reported by alert users. Our team removed over 1,500 unread messages from email boxes and helped impacted staff change their passwords. Tech Services staff contained the attack, but twenty people were pulled from their work for two days to do it.
What should you do to prevent another attack?
- Be skeptical about any message with a yellow caution bar asking you to click a link, listen to a voicemail or open an attachment. Hover over the address, image or attachment to see if it is a URL, which might be suspect.
- Look carefully at the sender’s address. If it doesn’t end in highlineschools.org, (even if Highline Public Schools or a familiar name is typed in the from line), be suspicious.
- Forward any suspicious messages to email@example.com.