A miscreant managed to swipe $2.3m from a Texas school district after staff inadvertently wired large sums of public money to the crook's bank account.
It appears either a hacker managed to compromise systems and alter account details, or a staffer was tricked into changing the information by social engineering. In any case, so far we know that a worker fell to a phishing email, internal records were changed, and money ended up being transferred to the wrong account – a criminal's coffers.
The Manor Independent School District, from a suburb just outside of Austin, USA, said it has called in the FBI to probe the theft. The district services nearly 10,000 students.
Five years in the clink for super-crook who scammed Google, Facebook out of $120m with fake tech invoicesREAD MORE
"This investigation is still ongoing and although there are strong leads in the case we are still encouraging anyone with information to contact [police]," the school district said of the seven-figure scam. "Manor ISD appreciates the Manor Police Department for working together to communicate this to our community."
The school district did not say exactly how scumbags were able to extract so much money, though telly station CBS Austin reported the money was funneled out in three separate transactions in November. The caper was only spotted and reported to police in December by a school district employee.
The Manor district is hardly alone in falling victim to these sort of phishing attacks. Last year, a small town in Colorado was taken for $1m by a targeted phishing attack. In that case, the hackers impersonated a construction company that had been doing business with the city and directed workers to re-route payments to the criminals' account.
Manor also not alone in being a school district targeted by criminals. Because districts often manage thousands of computers with a minimal IT staff, they can be low-hanging fruit for ransomware and other electronic attacks, with dozens of schools falling victim over the last year. ®