Several D93 accounts compromised due to phishing scam, D91 computers attacked by virus - East Idaho News

AMMON — Bonneville Joint School District 93 is recovering from a phishing scam after some staff accounts were recently compromised.

D93’s Director of Technology and Safe Schools Gordon Howard says scams have been an ongoing issue for the last two months and that they seem to be targeted at educational institutions.

“This is an issue nationwide,” Howard says. “Our district is not unique. They weren’t after us. They send these out en masse to public schools.”

Howard says scammers have been sending emails that look legitimate to educators and staff around the district. As some accounts were breached, the district began investigating to see if there were any other accounts that were compromised.

“We’re in the process of making sure that they’re secure again,” Howard says. “Anytime these kinds of scams happen they’re after money.”

Idaho Falls School District 91 was also hit with a digital virus around the same time as D93’s ongoing scam. Computers and servers have been affected, according to D91’s spokeswoman Margaret Wimborne.

Howard says, however, the cyber issues seem to be unrelated. Howard says in D93’s case, scammers have tried to get users to send them credentials, like usernames and passwords, in order to log into accounts.

“They’re not targeting any one individual, but as soon as they get someone to respond, then they focus on that individual or organization,” Howard says.

The emails, Howard says, are disguised to look as if they come from a principal or someone at the district level. The email address itself looks generic, but the username that pops up next to the subject line looks like an administrator.

He says the emails that have been most harmful are ones that ask users to download a document. In order to download the document, a username and password must be inserted into the appropriate fields.

“You put in your username and password and what (the scammer) does then is ‘siphon’ it off and they now have that person’s username and password,” Howard says.

The administration has spoken with school resource officers and is working with a private group to investigate the issue. He says all they can do in this case is report the information to the Idaho Attorney General and then that information would get passed along to the FBI.

From there, the information is collected and put into a database in hopes of building a large enough case to take action. He says reporting the scam to law enforcement is a formality and hardly anything can be done with the resources local law enforcement has.

Howard says if the information is given away, that doesn’t constitute a crime on the scammer’s end. However, if a bank account is accessed, or if there is fraudulent activity on a financial account then a chargeable crime has been committed.

Howard says it’s almost impossible to trace who sends the emails because the email address is deleted by the scammer within hours.

“They change email accounts so it’s coming from a different person or they’ll change IP addresses where they’re sending information from, so it’s very difficult to track down where they’re coming from,” Howard says.

Howard requires district staff to change their emails. Firewalls and other cyber protections have been in place, but phishing emails can circumvent current cyber protections, according to Howard. He says D93 is still considered a target because the emails haven’t ceased. He says the best way they’ve worked to prevent more scams is to train the educators on what to look for.

“Look at those emails closely, scrutinize them. Don’t ever give away personal information,” Howard says. “You just have to be really vigilant and double check.”

As for D91, Wimborne says they are continuing to investigate the virus issues.

“Once we learned of the issue, we engaged a third party expert forensics firm to come in and conduct a thorough investigation and determine the full nature and scope of the attack,” Wimborne says. “We’re still trying to get an understanding of the scope of the virus.”

Wimborne says the investigation began immediately after the virus was detected, and it was discovered that the virus had eluded the antivirus protections that were in place.

“It’s not a ransomware virus and the way it was detected was that our IT staff noticed that we had some computers or systems that were shutting down and restarting unexpectedly,” Wimborne says.

While the investigation is ongoing, Wimborne says they are making remediation efforts to neutralize the virus.

“At this point, we are just continuing to work… with the third party on the investigation. Of course, protecting information is a very high priority for us, so that’s another reason why we’re being so thorough with this,” Wimborne says.
