Principal Stafford W. Thomas Jr. made multiple announcements during school on Monday, Feb. 2, asking students to visit the assistant principals’ office if they had submitted personal information on the Google form. Students were then told to block any new numbers or emails that pertained to the original phishing email in order to ensure the security of their personal info.
Director of Technology for Westport Public Schools, Natalie Carrigan, alerted faculty yesterday of a new phishing scam that places fraudulent events directly on Google calendars, marking the third distinct type of phishing attack to target Westport Public Schools within the past week. Carrigan stated the technology team is working on a tool to address the calendar threat, but it will “take a while” to resolve. Staff were asked not to report the issue further as the team is already addressing it.
Earlier this week, on Monday, Westport Public Schools officials confirmed that a phishing email falsely advertising a work-from-home employment program by the “Feed the Children” organization was sent to students after a district staff email account was compromised late last week.
The email, which was sent from a Spanish teacher’s account, presented a part-time job opportunity connected to a financial aid program and included a linked Google form encouraging students to apply. Because the message was sent from an internal staff account, it was able to bypass normal email restrictions and reached students’ inboxes across the district, including Staples High School.
“The district’s technology department has since removed all copies of the email from the school system.” — Olivia Saw
According to an email sent to families by Carrigan, the email account was hijacked on Friday afternoon. This account was then used to send a spam email to students in grades K-12 with the subject line “Employment Program For Westport Public Schools.”
The district’s technology department has since removed all copies of the email from the school system, but administrators will continue to identify students who may have clicked the link and submitted personal information through the attached form.
Some Staples students reported that the form requested personal details, including their name, email address, home address, date of birth, grade level and even the name of their bank. District officials emphasized that no district systems were breached beyond the single compromised email account and that student school-issued accounts remain secure.
Families of students who filled out the form were contacted directly. In follow-up communications, the district advised parents to monitor personal email accounts and financial activity and to consider changing passwords and creating additional security measures. Some students have also reported receiving follow-up text messages from unknown numbers, which the technology department says should be blocked immediately.
These incidents have prompted reminders about digital safety. Carrigan emphasized in her email to parents that students should never share their passwords or personal information through an email link, even if the sender appears to be a familiar staff member. Any suspicious emails should be reported to a teacher, administrator or the technology department.
