Wilton school is victim of phishing and spoofing
The good thing about a recent cyber security scare at Wilton High School is no one fell for the bait and no identities and data were breached.
But that doesn’t mean the hacker(s) didn’t try.
About two weeks ago, approximately 15 high school students and parents reported getting suspicious and threatening emails at their school email accounts.
The emails appeared to be coming from themselves, and had the same email address as their accounts. This is known as “spoofing,” when a hacker impersonates another device or user on a network.
The sender of the email then indicated they had taken over the victim’s email and demanded payment in Bitcoin, a cryptocurrency, to restore the victim’s contact lists.
This threat turned out to be what is called a “phishing” expedition, where the sender tries to extract personal information from the victim.
No one responded to the hackers and it turned out they did not have access to the email contact list so no data were compromised.
The school district’s IT department was alerted about the suspicious emails and took action. “Our IT team and school team responded quickly and effectively,” said Fran Kompar, director of digital learning at Wilton public schools.
“As soon as we found out, we contacted families and students and instructed them to change their passwords. We don’t know of anyone who responded to the emails,” she said.
Kompar has seen an increase in the number of spoofing and phishing incidents this year. “We’ve ramped up security and filtering,” she said.
Spoofing, phishing and other types of cyber attacks are happening in school districts across the country. In some cases, the cyber breaches have led to “ransomware threats” where the hacker actually invades a computer system and holds information on it hostage unless a “ransom” payment is made to an untraceable address in Bitcoin.
Ransomware attacks have been reported by Connecticut schools in Middletown, Wallingford, New Haven, Pomfret, and most recently, Wolcott.
“It’s important that staff and students are trained to know what this is and we are now working on a training module as well as software that has a training program on it,” Kompar said.
The district’s IT staff is also working with Google, G Suite, and Google Docs to review any cyber security vulnerabilities with those popular programs.
“Cyber security is a big topic with all technology directors and we are trying to keep ahead of it,” Kompar said.
She said all last year the schools had fewer cyber security incidents than they did in just the first month of the current school year. “We need to step up training of students, staff and parents, and our own systems,” she said.
To keep students and parents aware of cyber security issues, the district’s website, wiltonps.org, has information on digital learning, data security and privacy.
“In this era, we cannot overstate the importance of cyber security. It’s important for us to remain ever vigilant and be aware of actions and trends. Our IT department is working with students and families to learn how to handle these situations now that they are more prevalent,” said Wilton High School Principal Robert O’Donnell.