Schools Could Face Increase in Phishing Attacks Targeting Staff, Students and Parents

Already grappling with Zoombombing incidents, remote education platforms and parents’ emails are the next site of hacking threats in the education sector.

• By Haley Samsel
• May 06, 2020

The uptick in cybersecurity attacks has not spared school districts and students during the coronavirus pandemic, with cybersecurity experts concerned that hackers are targeting less cyber-savvy parents and kids with phishing attacks.

Already, administrators have grappled with “Zoombombing” incidents where online trolls took advantage of open Zoom conferences or snuck their way into a classroom meeting. Several of those trolls yelled obscene language or showed pornographic images, leading some districts, including New York City schools, to ban the use of Zoom by teachers to conduct virtual classes.

In addition, schools are prime targets for other types of cyber incidents, according to Governing. The FBI has warned that remote education platforms, used by schools across the country to upload assignments and facilitate teacher-student communication, have been targets for hackers.

Because districts are known for not having sufficient cybersecurity staff or training for existing staff, hackers have kept schools in their sights even before the pandemic, Governing reported. The number of attacks in 2019, which amounted to around 350, could go up this year particularly as attackers take advantage of “social engineering attacks,” said James Yeagar, CrowdStrike’s vice president of public sector.

“Ed tech is at risk of falling victim to these schemes, as students and/or parents may click on a link thinking it’s a virtual classroom or some other method of electronic curriculum when instead it’s a cybercriminal attempting to gain login credentials,” Yeager told Governing.

Since families are mostly using personal devices, including smartphones and computers, to access classroom material or access district updates, the entire system is at risk because those IoT devices could be at higher risk due to a lack of security patching.

Computer or iPad distribution to students who do not have access to a home computer could be helpful in addressing some of the IoT risks since the devices could be maintained by the district. But districts would need enough staff bandwidth and cybersecurity know-how to carry out this plan.

Yeager said that school administrators can still do their part to help students and parents navigate a challenging technology environment during the pandemic.

"While school systems may not have the IT infrastructure, tools and manpower that large enterprises do, they can still do their part to ensure teachers and students can safely keep class in session as we get through this crisis," Yeager said.