The Texas Education Agency on Jan. 3 notified school administrators of a growing threat to K-12 school employees nationwide who are paid via direct deposit.

Cyber criminals are using phishing emails to attempt to gain account login information from users so they can change bank account information to reroute employees’ directly deposited paychecks.

The Multi-State Information Sharing and Analysis Center alerted TEA and others in the education sector of the growing threat in early December, urging school district information technology departments to be on alert and to take precautions to protect employees.

While the MS-ISAC reports most of these attacks target universities, it has seen a recent increase in incidents involving K-12 employees.

The majority of recommendations outlined by the MS-ISAC advisory are directed at IT departments, however individual users can protect themselves from malicious emails by taking these steps:

  • Never provide any personal information, such as account numbers, passwords or Social Security numbers, in response to an email from any source. Ideally, this type of information should never be shared in an email or text message of any kind, even with family and close friends.
  • Never click on links, download or open attachments from unknown sources. If in doubt, don’t hesitate to ask the IT specialist on your campus to review the questionable emails.
  • Only download files from trusted websites and use an anti-virus program to scan the file before opening it.
  • Use unique passwords for each account, especially for email and financial websites. Changing passwords on a regular basis provides the best protection as long as passwords are not reused.
  • Routinely check with your financial institution to ensure your paycheck is being correctly deposited and check for any strange activity.

If an expected paycheck deposit is missed or you are concerned that your account may have been compromised, immediately alert your bank and the payroll department in your district. They can stop transactions, verify your account information and work with law enforcement to help recover missing funds.