EXCLUSIVE: Walton School District falls victim to scam

Published: Mar. 21, 2017 at 7:18 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

Scammers seem to always be on the prowl, looking for anyone susceptible to falling for their tricks and recently one area school district is now among many who have fallen victim to tax scams.

"Well we were victims of basically a very elaborate phishing scheme," said Walton School District Superintendent A. Russell Hughes.

"We received an email from an unknown person that was impersonating the superintendent," said Chief Information Officer, Henry Martin.

Hughes said a scammer sent a series of emails pretending to be him to various employees asking for personal information.

"One of my employees basically contacted me and said "Mr. Hughes, did you get the information request?" and I said I didn't request information and immediately they kicked into "oh my goodness, something has happened," Hughes explained.

"All they did was sent an email and they used his name as the display name," said Martin. "And what I mean by that is it displayed the superintendent's name but the actual address was not the superintendent's."

"[This] put the pressure on the employees that work for me to get information that I possibly could ask for and would have access to. They did a great job of identifying those people," said Hughes.

The school district says although they may no longer be compromised, they are taking steps to make sure anyone involved is protected.

"So everybody has been notified. We notified the police and we've notified the IRS to make sure that we kind of gave them information up front just in case criminals were going to try and do anything with tax returns," Hughes made clear.

But Hughes did say they weren't the only district in the state that fell victim to this scheme.

"I was made aware of five different districts that were subjects of this kind of elaborate scheme on the same day," Hughes revealed. "I understand there were more, but there were five that went to the Identity Protective Agency that we went to."

"It's not a hack. They're not breaking into your system," Martin clarified. "So that's why its so hard to guard against These. That's why you have to really pay attention to who the sender is, where its from and the attachments that are associated with the email.

"There is not a good part of this," said Hughes, "but the greatest part is there were only 30 that were impacted in Walton County. There are some districts that all of their employees were impacted."

Hughes said since discovering the scheme, the school district has taken measures to teach their employees what to look how for, and how to avoid a situation like this from happening again.

He also says they'll be providing identity protection services to those affected.