Public schools and universities have begun to be targeted by a gang of organised cybercriminals.
A report in the Washington Post claimed that the gang who have stolen millions from businesses across the United States over the past month, has switched its attention to schools in Colorado and Oklahoma and a university in Wisconsin.
It claimed that on the morning of 17th August, hackers who had broken into computers at the Sanford School District in Sanford, Colorado, initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different money mules that the attackers had hired via work-at-home job scams.
These were active for two days before a school employee spotted the bogus payments, with the school district learning that $117,000 had been stolen.
Sanford superintendent Kevin Edgar claimed that the attack could mean fewer resources for the rural school district, which serves just 340 children. Edgar said: “That amount of money comes down to financing projects, such as maybe buying a new school bus, or updating our playground. Those are the types of things that this missing money will have an impact on."
A week before, a similar case occurred in the Sand Springs, Oklahoma school district, where superintendent Lloyd Snow said thieves stole roughly $150,000, after breaking into the company's online bank account and setting up two batches of fraudulent transfers.
Finally, Marian University, a Catholic university in Fond du Lac, Wisconsin, was hit on 5th August when thieves stole more than $189,000 by initiating bogus payroll transfers to 20 money mules.
However the Post claimed that some schools that have been hit by similar attacks have been luckier as they bank with institutions that have decided that the potential public relations hit from being stingy with a school district may be more costly that simply eating the cost of the fraud.