Phishing emails, explained: Attack Vectors targeting School Districts

Despite many attempts to heighten email security through user training sessions and simulated phishing attacks, phishing scams continue to rake in massive profits each year, and school districts remain large targets for scammers. Most recently, the Manor Independent School District in Texas lost $2.3 million to a phishing attack.

Though many school district employees go through security training, phishing attacks can present themselves in many forms. Often, phishers start off slowly, sending a “door knock” email to establish a connection with their target(s). These emails can be as simple as the below message:

[Image: school phishing email example 1]

In a recent example, the hacker used an email address that appeared to belong to a trusted superior—down to mimicking the sending domain of the user’s school district. The phisher innocuously asked the target if they were available, and once they received a reply, asked them to buy several high-value Amazon gift cards. At this point in the conversation, the recipient of the messages noticed anomalies—they didn’t normally buy Amazon gift cards, especially not at such a high value and quantity.

Unfortunately, this doesn’t always happen—many targets end up losing money or personal information and are unable to recoup what they lose.
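The warning signs in the exchange above (a near-copy of the district's domain, a superior's name on an unfamiliar address, a short availability check, a gift card request) can be checked mechanically. The following Python sketch is an added example, not code from the original article or from GreatHorn; the domain `district.example`, the `STAFF` directory, the phrase patterns and the sample messages are all constructed assumptions, and it handles plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the district's real domain and a small
# directory mapping staff display names to their real addresses.
DISTRICT_DOMAIN = "district.example"
STAFF = {"pat rivera": "privera@district.example"}
DOOR_KNOCK = re.compile(r"\b(are you (available|free|at your desk)|quick (favor|task))\b", re.I)
GIFT_CARD = re.compile(r"\bgift\s?cards?\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss copies of the domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signals(raw_message):
    """Return the warning signs found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    # A domain that is close to, but not exactly, the district's own.
    if domain != DISTRICT_DOMAIN and edit_distance(domain, DISTRICT_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    # A known staff member's name attached to an address that is not theirs.
    known = STAFF.get(name.strip().lower())
    if known and addr != known:
        signals.append("display-name-mismatch")
    # A very short message that only checks whether the target will respond.
    if DOOR_KNOCK.search(body) and len(body.split()) <= 25:
        signals.append("door-knock")
    if GIFT_CARD.search(body):
        signals.append("gift-card-request")
    return signals

# Constructed samples; the spoofed domain swaps "i" for "1".
KNOCK = "From: Pat Rivera <privera@d1strict.example>\nSubject: Hi\n\nAre you available?\n"
ASK = "From: Pat Rivera <privera@d1strict.example>\nSubject: Re: Hi\n\nI need you to buy several Amazon gift cards today.\n"
LEGIT = "From: Pat Rivera <privera@district.example>\nSubject: Agenda\n\nAgenda for Monday attached.\n"
```

Each signal is weak on its own; a mail filter or helpdesk triage script would score them together before warning the recipient.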

In the below example, the attacker sent a more sophisticated door knock message confirming a payment made from the recipient’s account. Once the recipient replies, the attacker will ask for bank information to process the payment—once that information is sent over and money is wired, there is little that can be done.

[Image: school phishing email example 2]

It’s no secret that phishing attacks can be enormously costly and inconvenient, and new scams are appearing every week. GreatHorn finds that 32% see business services spoofing attempts in their inboxes. Tighter company procedures and more user training can barely keep up with the pace of attacks, but user awareness is key when considering how to proceed when an attack hits an inbox.

GreatHorn’s cloud-native email security platform protects Microsoft Office 365 and Google G Suite customers from both malware threats and sophisticated social engineering attempts. In one Fortune 500 company, we identified more than 50,000 threats (business email compromise, credential theft, malicious links, malicious URLs, and more) that were missed by both a traditional secure email gateway and Microsoft ATP.
