Connecticut Schools Hit Hard By Phishing Attacks
Glastonbury Public Schools in Connecticut was the recent victim of a phishing attack. The phishing attack resulted in 1,600 W-2s being compromised. The school district is uncertain who exactly had their information exposed. However, they did report the food service personnel do not need to be concerned about their W-2s being breached, but all others could be vulnerable.
This attack occurred just days after another Connecticut school district, Groton Public Schools was the victim of a phishing attack. A hacker posed as the superintendent and asked for the employees to reply to the email and include their W-2. The attack method proved to be rather successful, as an estimated 1,300 employees sent the hacker the document requested. According to FOX 61, the superintendents email account was not hacked, but the email came from a falsified email account that originated overseas.
Keep Your Information Secure
It is tax time, which also means it is tax scam time. It is important you remain on your toes regarding bizarre requests for personal information. This includes requests from people who may be your superiors. To avoid being the next phishing victim PC Matic encourages users to:
- Look at the “Sent From” and “Reply To” address. Although the email addresses look legitimate, verify it. For instance if the email account is firstname.lastname@example.org but work email accounts are email@example.com there is a discrepancy. It may be minimal, and perhaps even overlooked, but it’s a red flag that says this is not legitimate.
- Watch for spelling or grammatical errors. Often times these attacks originate overseas, and they rely on a translation software to translate their messages into English. This often times results in spelling and grammatical errors.
- If it is not a normal request — question it. But, when you do so, call the sender from the phone number you have on record for them, or speak to them directly. Do not reply to the email or use the phone number listed because, if it is a malicious attack your response will go directly to the hacker.