A second local school district reported that dozens of its employees had their electronic paychecks rerouted in another online phishing scheme.
Fulton County Schools encountered the cyber theft problems for its Aug. 31 payday, when paychecks for 46 employees failed to show up in staffers’ bank accounts.
A third attack that targeted Clayton Public Schools last week was unsuccessful.
More than $75,000 was rerouted onto money cards set up by the unknown scammers; the district recovered about $3,400 of that amount by reversing the transactions.
The district issued new paper paychecks to the employees, according to spokeswoman Susan Hale.
Fulton County has insurance coverage to guard against such losses, but the deductible it would have to pay to make a claim is more than the amount of missing money, she said.
The incident is the second reported payday attack on local public school employees and mirrors online crimes that have taken place across the country.
On Friday, 27 Atlanta Public School employees fell victim to an apparent phishing attack when cyber thieves allegedly snagged $56,459 in payroll funds by redirecting the money from their accounts.
APS reimbursed the employees and reported the incident to the Georgia Bureau of Investigation.
Similar instances of payday mayhem have occurred in Cleveland and Denver school districts.
Fulton County reported its payroll problems to the U.S. Secret Service’s Cyber Crimes Unit because it appears that the activity crosses multiple jurisdictions, Hale said.
She said it appears that affected employees received “phishing emails” -- fake emails that try to trick the recipient into giving out personal information.
The employees then provided login credentials that allowed the scammers to change their information and redirect their paychecks.
“There is no evidence to suggest that the school district’s database was compromised or that anyone else was affected other than the individuals targeted through the phishing scheme,” Hale said, in a written statement.
Fulton County and APS are both paying for a year’s worth of online identity theft protection services for the targeted employees.
Atlanta officials cautioned employees to be skeptical when they receive unsolicited emails.
The district advised employees to verify that the email is real and to avoid replying to it or clicking on any links or attachments.
Cyberthieves tried but failed to reroute direct deposits for 28 Clayton County school district employees, officials said. The district learned of the unsuccessful attack Friday and officials said there was no indication that any money actually was redirected.
Clayton officials reported the incident to state investigators.
About the Author