Rockdale ISD employees are waiting for the full impact, and hoping for the best, this income tax season after an Internet “phisher” hit the jackpot.
The W-2 (wages and withholding) forms of about 350 persons who worked for the district last year ended up in the hands of a cyber criminal who has already filed some phony tax returns.
Supt. Dr. Denise Monzingo said Rockdale police, the FBI and IRS are working on the case.
She said while some district employees have already been victimized—their anticipated tax returns sent to the scammer—their money isn’t lost.
“It’s the responsibility of the IRS to make it good,” she said. “But this is a process which could take up to 120 days.
EMAIL—The scam involves the well-known technique of “phishing,” cyber criminals trolling the Internet for information which can be co-opted and used for illegal gain.
In this case a phisher managed to send an email pretending to be from Dr. Monzingo to an administrative employee.
That’s known as “spear phishing.”
“It looked very real,” Dr. Monzingo said. “It even incorporated my photo. The email asked ‘I’ be sent the W-2s of employees ‘for review’.”
She said the employee complied.
That happened Jan. 30. The district didn’t find out it was a scam until last week when it became apparent false tax returns had been filed for some RISD employees.
And there were other suspicious anomalies. In one case an employee who had filed a joint return for three decades saw that an individual account had been “filed” in 2018, and knew that had not occurred.
“Not everyone who has fi led was affected,” Dr. Monzingo said. “Those who filed ahead of the scammer filing a fake return appear to be okay.”
NUMBERS—Fake returns may not be the end of the impact.
While no personal financial information was breached, W-2’s contain Social Security numbers and that could open up whole new avenues of identify theft potential.
Dr. Monzingo said to counter that possibility the district is getting a monitoring service for all employees. That should provide notifi cation if an authorized attempt is made to use the information.
“We have met with every employee who has been compromised,” Dr. Monzingo said.
Those affected included teachers, administrators, maintenance personnel and even assistant teachers, she noted.
Since the W-2 forms also include former employees of the Rockdale ISD, the district has attempted to track down those individuals.
There’s extensive training planned to avoid future problems in the cyberscamming area.
Dr. Monzingo said the district’s Information Technology (IT) department is providing a program to all employees.
‘SCARY’—She described the incident as “really scary” and added “It’s getting harder and harder to stay ahead of online criminals.”
Rockdale ISD is far from alone. Last year, a similar “spear phishing” incident resulted in W-2 information for 1,700 current and former Belton ISD employees being stolen by a cyber criminal.
A similar incident occurred last year in the Corsicana ISD.
A search for data involving breaches at schools yielded a months-old, far-from-complete list that included the names of 36 American school districts.
- Log in or Subscribe to post comments.