Many students and staff across the Gresham-Barlow school district were surprised to find an email from a staff member trying to sell items on behalf of another staff member in their inbox in early February. Dozens of items, ranging from hundreds to thousands of dollars, were available according to the email, and at low prices that would be considered a steal for anyone looking to acquire them. The items included various kitchen appliances and even a Range Rover, all being sold under the premise that a nonexistent staff member, whose husband recently passed, was moving away, and she wanted to sell his belongings.
These emails were sent from multiple different staff accounts to thousands of other email addresses in the Gresham-Barlow school district. According to Mr. Patchin, Barlow’s ‘Tech guy’ phishing scams were also sent the morning of the emails received by people throughout the district, and he believes, “Those phishing scams, I think, are what caused the others.” Essentially, those who clicked on the link of the phishing email got their email hacked, and the other emails were later sent from their hacked email address.
Luckily, the hackers only wanted money from people who believed they were truly selling items. Mr. Patchin described the scam, saying, “You contact them, and then they start communicating, trying to get the communication out of our system, so we can’t monitor, regulate, and control it.” After enough contact, the hackers want the victims to send them money to purchase the nonexistent products for sale. To protect students against the scam, tech employees “were monitoring the student emails pretty closely as to who clicked on that link,” according to Mr. Patchin, and several students who did click on the link were informed individually that the link was a scam, and told not to continue communication.
Although it took a few days to clean up the scam, passwords and authentication were reset for the compromised accounts, and, after a thorough check by the Tech department, it was determined that the hackers were mostly limited to Gmail, and no other information was taken. Staff members will continue their scam and phishing email training to protect themselves against future attacks by staying vigilant and practicing spotting suspicious emails.
To protect yourself from any scams in your inbox, you should ask yourself a couple of questions before interacting with the email. First, is this email coming from someone you would expect it to come from? For this scam, it is unlikely that a teacher would send a mass email to students asking them to purchase second-hand products. Second, you should ask whether there is another email address within this email that they want me to contact? The biggest red flag that the emails were a scam was the email address at the end, which didn’t match the sender’s address and was not an email address within the Gresham-Barlow school district. Lastly, some email scams will contain a link, so you should ask yourself, does the link look like the website the email claims it is sending you to? If not, do not click on the link. It is important to keep your account and information safe against potential email scams, so always be suspicious of unexpected emails.
