IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New York Districts Warn About Mail Scam Alleging Data Breach

Brasher Falls and Norwood-Norfolk school districts are warning families about scammers sending paper documents claiming that a student's data was exposed, then directing them to a website that actually steals their data.

phishing scam
(TNS) — Local school officials are warning families of a new scam involving the release of personal information.

In a notice on the Brasher Falls Central School District website, officials said they had been advised of an incident that recently took place in a nearby school district in which scammers sent a paper document stating that a student's personal identifiable information had been released from a software program used by the New York City School District.

"With the family having moved to the area from New York City this school year, they became nervous and followed the directions on the document. When their family connected to the website, not only was this student's actual information stolen by the cyber criminals, but their home computer was also corrupted with many unwanted software programs. The family had also used the student's new school email address in their response, which also put the school in jeopardy," officials said.

They said there had been no reports of Brasher Falls Central students receiving any letters, "but we wanted to share with everyone that these types of scams are out there. As you can see, the family could have been made aware of this scam if they had looked at the header on the page. It says that it is from the New York City Department of Education, but has a California address."

Norwood-Norfolk Central School Superintendent James M. Cruikshank put out a similar warning in his latest superintendent's update. He shared information from the regional Board of Cooperative Educational Services technology director.

"Yesterday, we had a report of a local student receiving a piece of physical postal mail that claimed that there was a cyber incident involving the student's personal information. This was a crafty scam given the letter context appeared to be legitimate, mirroring a recent software incident of a program that is widely used," the technology director said. "The letter advised the reader to enroll in free identify protection services. However, the 'contact us' information in the letter was altered so rather than being connected to a legitimate enrollment site, the user, after providing their personal information was redirected to the scammers' website which proceeded to download unwanted software to the student's and families home computer."

"This letter included legitimate names and titles of NYC school system administration and perhaps the only tipoff would be the address header at the top of the page included a California address. It is unlikely that NYC department of education would outsource their communications in that way, but that likely would easily go unnoticed by a concerned parent involved in the body of the message," the director said.

©2022 Watertown Daily Times (Watertown, N.Y.). Distributed by Tribune Content Agency, LLC.