Recent K-12 cybersecurity report highlights the high cost of phishing for school districts
Phishing has been around since the term was first used on January 2, 1996, and it has gotten worse every year since. As cybercriminals have become more sophisticated in their phishing techniques, the cost of phishing and phishing-related incidents has started to skyrocket. Originally, the early hackers known as phreaks used America Online (AOL) to trick people into sharing information that the phreaks could then use to wreak havoc.
The phreaks started out with a scheme that used randomly generated credit card numbers. After that technique was shut down, they developed other ways to rip off their victims, and the term phishing was born.
Today, cybercriminals using phishing techniques target K-12 schools with mass email phishing campaigns. They use malicious attachments and trick their victims into opening the attachments or clicking on a phishing link in the email that collects personal information for some seemingly reasonable purpose.
We recently hosted a panel discussion with Doug Levin, National Director of K12 SIX and the author of the State of K-12 Cybersecurity: 2020 Year in Review report, and several K-12 IT leaders to talk about the results of the report and how school districts are fighting cyberthreats such as phishing, ransomware, and more. You can watch the panel discussion recording to learn about the attacks that were recorded in 2020, and how others are fighting back.
Costs of Phishing Attacks in Schools Have Reached New Highs
One of the shocking statistics Doug shares in his report is the rising cost of phishing-related attacks targeting K-12 schools. From 2016 through 2020, the median amount of money stolen from school districts via phishing campaigns is $2 million. A new record was set in 2020, with $9.8 million stolen from a single school district.
What those in charge of K-12 cybersecurity need to understand is that phishing has become much more sophisticated over the years. Virtually everyone has received a phishing email such as the one purporting to be from a wealthy foreigner who will give you millions of dollars if you only send a few hundred dollars to process the transfer. Many people fall for this approach, but even more are amazed that anyone could be taken in by it.
Today, while the number of phishing attacks is down from previous years, the phishing campaigns against school districts are far more sophisticated and their impact more devastating. Hackers take the time to research a school district. They identify the individuals in the district who have financial authority, and the district's contractors. Then they use phishing emails to do things like change the payment routing information for major contractors, gain access to even more sensitive data and/or user accounts, and activate malware in the victim's network.
Frequently these are "spear-phishing" attacks, meaning the emails are aimed at specific people and crafted to look like they come from a known or trusted source.
Sometimes schools can get some of the money back, but it depends on how fast the school and/or the contractor spot the problem, and how fast the hackers can get the money out of the country. Increasingly, these situations aren’t ones where someone should have known better. They are professionally written and extremely difficult for even the wary recipient to spot as a phony.
Phishing and Ransomware
Ransomware attacks are plaguing districts across the country. Ransomware in the cloud is becoming more of a threat, but fewer district IT teams are aware of it. In fact, Google cloud ransomware attacks are becoming more popular because so many schools use Google apps. The problem is complicated by the fact that the school district, not the cloud provider, is responsible for preventing attacks that come through those apps.
The relationship between phishing and ransomware is clear. According to statistics published on SecurityBoulevard.com, 91% of cyberattacks begin with spear-phishing emails. And, because those emails are so well designed, many of those attacks are successful. Experts are finding that cybercriminals are using trusted domains and legitimate hosting sites such as Constant Contact or SharePoint to launch extremely sophisticated attacks.
Stopping ransomware attacks is even more critical in today’s environment. The 2020 Year in Review report noted that there’s a rise in the number of K-12 ransomware attacks where not only is the school district locked out of their data, but the hackers have downloaded sensitive data before the ransomware demand was made.
These criminals threaten to distribute this stolen data to make K-12 administrators more likely to submit to their ransom demands. They are also using this stolen data to mount new phishing attacks and account takeovers, sometimes against the same victim after the ransom is paid. There have also been incidents where the data is used to extort parents, students, and district employees.
3 School Ransomware Prevention and Protection Tips
Luckily, there are things you can do to protect your district against ransomware attacks.
1. Monitor Early Warning Signs
It’s rare for a ransomware attack to happen without warning. You can monitor ransomware early warning signs such as the following:
- Take action if you see an increase in the amount of spam, phishing, lateral phishing and spear-phishing emails your district is receiving. Train your students and employees to spot these types of emails and to report them.
- Look for suspicious logins, such as sign-ins from unfamiliar locations or at unusual hours, or a burst of failed attempts followed by a success. It could be a hacker testing your systems.
- Identify when your systems might be the target of a “test attack” against a couple of machines. It’s probably hackers preparing for the big event.
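The three warning signs above are the kind of checks a district IT team can script against its own sign-in logs and help-desk phishing reports. The following is an added illustration, not code from the post or from K12 SIX: it runs three simple detectors over constructed sample data (the sign-in events, the per-user country baseline and the daily phishing-report counts are all made up for the example) and returns the alerts a person would triage. Thresholds such as three failures in ten minutes and a twofold increase in reports are assumptions to tune for your environment.

```python
"""Added example: early-warning checks over constructed sign-in records and
phishing-report counts. Not part of the original post."""
from datetime import datetime, timedelta
from statistics import mean

# --- Constructed sample data (not real district data) -----------------------
# Sign-in events: (ISO timestamp, user, country of source IP, outcome)
SIGNIN_EVENTS = [
    ("2021-03-08T07:55:00", "jdoe", "US", "success"),
    ("2021-03-08T08:10:00", "asmith", "US", "success"),
    ("2021-03-09T02:13:00", "asmith", "RO", "failure"),
    ("2021-03-09T02:14:00", "asmith", "RO", "failure"),
    ("2021-03-09T02:15:00", "asmith", "RO", "failure"),
    ("2021-03-09T02:16:00", "asmith", "RO", "success"),
    ("2021-03-09T08:02:00", "jdoe", "US", "success"),
]

# Per-user baseline of countries seen in earlier months (constructed; in
# practice this is built from a rolling window of past successful sign-ins)
KNOWN_COUNTRIES = {"jdoe": {"US"}, "asmith": {"US"}}

# User-reported phishing emails per day (constructed)
PHISH_REPORTS = {
    "2021-03-01": 2, "2021-03-02": 3, "2021-03-03": 1,
    "2021-03-04": 2, "2021-03-05": 2, "2021-03-08": 12,
}


def flag_new_country_logins(events, known):
    """Successful sign-ins from a country never seen before for that user."""
    return [(ts, user, country) for ts, user, country, outcome in events
            if outcome == "success" and country not in known.get(user, set())]


def flag_failures_then_success(events, min_failures=3, window_minutes=10):
    """A successful sign-in preceded by at least min_failures failed attempts
    for the same user inside the window: a possible password-guessing run or
    a credential being tested before a larger attack."""
    alerts = []
    by_user = {}
    for ts, user, _country, outcome in events:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), outcome))
    for user, seq in by_user.items():
        seq.sort()
        for i, (t, outcome) in enumerate(seq):
            if outcome != "success":
                continue
            window_start = t - timedelta(minutes=window_minutes)
            failures = sum(1 for t2, o2 in seq[:i]
                           if o2 == "failure" and t2 >= window_start)
            if failures >= min_failures:
                alerts.append((t.isoformat(), user, failures))
    return alerts


def flag_report_spike(reports, factor=2.0):
    """Compare the latest day's phishing-report count with the mean of the
    earlier days; a jump of `factor` or more is worth a closer look."""
    days = sorted(reports)
    latest, earlier = days[-1], days[:-1]
    baseline = mean(reports[d] for d in earlier)
    return {"day": latest, "count": reports[latest], "baseline": baseline,
            "spike": reports[latest] >= factor * baseline}


def run_checks():
    """Gather every early-warning alert in one structure for triage."""
    return {
        "new_country": flag_new_country_logins(SIGNIN_EVENTS, KNOWN_COUNTRIES),
        "failures_then_success": flag_failures_then_success(SIGNIN_EVENTS),
        "report_spike": flag_report_spike(PHISH_REPORTS),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, result)
```

On the sample data the checks flag the same account twice (a sign-in from a country not in the baseline, reached after three failed attempts in three minutes) and a six-fold jump in reported phishing emails on the last day. Reading each alert alongside the others is the point: a new-country login on its own may be a travelling employee, but together with a failure burst and a wave of reports it looks like the warning signs the post describes.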
2. Address the Actions that Can Mitigate Ransomware Attacks
Here are some of the top things you can do to mitigate school ransomware attacks, according to the Cybersecurity & Infrastructure Security Agency:
- Create and maintain a business continuity plan
- Establish regular software patching schedules
- Find opportunities to use multi-factor authentication
- Promote cybersecurity education within your district
3. Take the Advice of Your Peers
During the panel discussion we recently hosted, the panel came up with a number of suggestions about school ransomware protection, including:
- Make sure to regularly evaluate your data to determine what you need to retain and what you can delete
- Block macros in files downloaded from the internet, because they are a common entry vector
- Conduct cybersecurity drills to practice how to continue operations during a power outage or ransomware attack
You can learn more tips from your peers by watching the webinar recording.
The high cost of phishing and ransomware attacks is taking a bite out of already stressed school district budgets. You can no longer afford to ignore the problem. Cybercriminals are more sophisticated, and you need automated tools along with the right procedures to protect yourself from phishing and ransomware attacks.