Cleveland Metropoltian School District teachers experience email scam resulting in paycheck hack

Posted at 11:12 AM, Jan 16, 2017

On Friday, January 13, teachers of the Cleveland Metropolitan School District were victims of an email spoofing scam that resulted in their direct-deposit compensation being directed to an unknown third party.

Roseann Canfora, chief communications officer of the CSMD, said the District issued paper checks totaling $100,786.99 to 61 employees affected by the scam. There are more than 7,000 people employed by the CMSD.

In a letter the CMSD educators, CEO Eric Gordon wrote that the district has taken steps to prevent additional malicious activity and reported the incident to law enforcement.

Read the full letter below:

Good evening CMSD Educators,
This morning we became aware of an incident that affected the financial information of a small number of our employees in that some of our employees were the victims of an email spoofing scam that resulted in their direct- deposit compensation being directed to an unknown third party. We have already taken steps to prevent additional malicious activity, reported this incident to law enforcement, and have called in experts to help resolve this problem now and for future pays. Meanwhile, paper checks have been printed for those who were affected and we are in the process of delivering those checks now.
I want to remind all employees of ways to keep your CMSD account and your personal information safe. First, please remember that CMSD will never ask you to change your network password via email. The only way your password can be changed is by logging directly into the “login dialogue box” when you first turn on your computer. Also, please always use a network password that is specific and unique to your CMSD account. Do not use a password that you may also use on other accounts such as your online banking or any other financial accounts. Finally, if you ever have a reason to question whether you should follow a link received in your email, please call the Help Desk and speak to a person who can validate the request.
I will be updating everyone about this issue as soon as more information is available. In the meantime, if you have a question about your individual payroll, please contact the Help Desk by phone at 216-838-0440 or by email at Support will be available between 8 am and 3 pm on Saturday and Sunday, and 6 am to 8 pm on Monday to assist.

My apologies for the difficulties some of our employees experienced today. I deeply regret that today's event occurred.

Sincerely, Eric Gordon

“By just clicking the link they can perform actions on your behalf,” said Michael Benich, a Cyber Security Research Analyst.

Benich said hackers are evolving and their email scams are becoming more convincing, proof he says that we all need to be more vigilant.

“Schools are a target. They’re not as big as a target as what we see as banks, financial institutions, or things of that nature but schools are definitely a target because they have people’s personal information, they have personal data, and at the end of the day, that’s all an attacker wants,” he said.