Students and teachers across the District received fake job offers from compromised teacher email accounts this October, senior Annanya Bhardwaj said. These emails represent just a few of many fraudulent emails sent to students since the summer, she said.
The first phishing incident occurred in July, the district’s Network Systems Administrator Sean LaRussa said. Google alerts the district within 30 minutes of an incident occurring, he said.
“We partner with our different software teams (like) Google and Microsoft and other software vendors to prevent this from happening again,” LaRussa said.
In theory, security could be continuously added but doing so would be at a detriment to students’ and teachers’ access to external services, Director of Technology Chin Song said. Security in relation to the phishing emails is all about the balance between blocking and freedom to access these external services, said Song.
“One way accounts could be (compromised is) because a student or a staff member that provided information that they should not,” Song said. “And then from there, they (email hackers) can get access to other pieces, posing as someone else. So, as long as there are humans, there will be some vulnerabilities in the system,” he added.
As of Oct. 10, there have been several instances of individuals submitting information through the Google forms in the scam emails, LaRussa said.
“At that point, we’d refer to the police department or the FBI,” LaRussa said.
These occurrences are not a surprise, science teacher Huy Pham said. The district sends out emails with resources on account security to prevent hackers from accessing school accounts, but teachers do not tend to look at those resources, he continued.
“I think I prefer to have more security and less freedom (on school accounts),” Pham said. “I feel like a lot of teachers do use technology more. So for them, I think it’s best for them to have more freedom and less on security”.
The impression of the systems right now is that they are very secure with lockdown browsers and blocked websites adding to this impression, Bhardwaj said. The incidents are especially surprising since many students are dependent on the school network and system which makes them especially vulnerable to phishing attacks like these, Bhardwaj said.
“Phishing scams, and scams in general, are becoming so much more deceptive and easier to fall for than before”, Bhardwaj said. “We’re such a tech-dependent society, everyone should have some awareness on where to put in their personal information.”