Cathy Jett reports:
Hackers phishing for sensitive information faked an email from a regional organization to break into the Fredericksburg school system’s electronic mail and file system last month.
The April 24 intrusion was caught the following day, but not before hackers accessed 14 school employees’ emails and one school employee’s files, according to a letter Superintendent David Melton sent to parents and guardians May 2.
The letter stated that the intruders may have used this to access students’ Individualized Education Programs, 504 Plans, Gifted and Talented profiles or portions of their academic records that had been sent by email.
Read more on Fredericksburg.com.
If so many employees fell for the phishing email, you might think that maybe the phishing email was very professionally done. But it appears it wasn’t a great phishing email and yet the employee clicked on the link anyway:
The initial email appeared to come from a group that regularly emails information to the city’s schools, said Mike George, the school system’s director of technology. The employee who received it thought it looked suspicious, but wasn’t sure and opened it about 3 p.m. George said it “was basically a phishing scheme” that collected the employee’s username and password.