Angel Vidal Jr., Director of Communications of the Manor Independent School District, said in a news release that the district had fallen prey to phishing—a fraudulent practice of using email or other messaging systems to get sensitive information that can be exploited for financial gain.
“The Manor Police Department along with the Federal Bureau of Investigation (FBI) is investigating an incident involving a phishing email scam that resulted in the loss of approximately $2.3 million to the Manor Independent School District,” Vidal said.
The spokesperson added that the investigation was ongoing and that there were “strong leads in the case.”
The scam involved three separate transactions dating back to November of last year, Manor Police Department Det. Anne Lopez told KEYE.
“Scams are unbiased, they reach anyone anywhere any time,” Lopez told the news outlet.
The affected school district serves over 9,600 students, according to its Facebook page.
One person wrote in the comments section that the stolen money “was for our technology and upgrading computers,” adding that “this is our children who are being stolen from.”
“We recognize the importance of serving others, celebrating success, and preparing our students for life,” the district says.
The FBI says internet crimes like phishing steal millions of dollars each year from victims.
“Phishing, also referred to as vishing, smishing, or pharming, is often used in conjunction with a spoofed email,” the FBI says, explaining that in their fraudulent correspondence, perpetrators often pose as a representative of a legitimate business or institution in order to gain the victim’s trust.
Besides email, criminals also use text messages to try and get users to divulge sensitive information like passwords, credit card numbers, and bank account information.
Special Agent Jake Frith of the Alabama Attorney General’s Office discussed a case involving around half a million cell phone numbers that were targeted by a phishing scam in Alabama.
The fraudster sent a raft of identical text messages asking users to click a link to verify their bank account information, which took unsuspecting users to a fake website.
“It was a fairly legitimate-looking website, other than the information it was asking for,” Frith said.
People were requested to submit personal financial information. Dozens of victims submitted their data, allowing the perpetrator to steal thousands of dollars.
“Within an hour, the fraudster had made himself debit cards with the victims’ account information. He then began to withdraw money from various ATMs, stealing whatever the daily ATM maximum was from each account,” the FBI explained.
The Federal Trade Commission says that to protect themselves against a phishing attack, people should install security software on their computers and run software updates on their phones when prompted.
The agency also urges people to protect their accounts by using multi-factor authentication and regularly back up their data to guard it against loss.