A spear phishing email was sent to an anonymous Argyle ISD faculty member on Jan. 18, requesting all current and past district employee W-2 forms. The email appeared to be sent from Superintendent Dr. Telena Wright, and the unnamed employee fulfilled the request, comprising 473 W-2 forms to an unknown scammer.

“I think the employee was taken momentarily off guard,” Wright said. “I am very sorry that has happened.”

According to the United States Computer Emergency Readiness Team (US-CERT), ‘Spear phishing’ emails are an attempt by an individual or group to solicit personal information from unsuspecting users.

In this case, the scammers requested all district W-2 forms, containing information such as social security numbers, addresses, and phone numbers from current and past employees. The district administrators notified the IRS, FBI, and local law enforcement within two hours of the breach, then consulted with Texas Association of School Boards (TASB) legal counsel before informing faculty members two days later.

A district wide email explaining the incident was sent out at 9:56 a.m. on Jan. 20. Many faculty members were frightened because this sort of information can be used to open bank accounts, make purchases, and file fraudulent tax returns.

However, some teachers did not believe the emails informing them of the W-2 breach because AISD has experienced multiple phishing scams throughout the 2016-17 school year, and the email came from an unfamiliar Argyle address called “Argyle Notify.” The most recent incident reported was last October when a supposed employee sent a Dropbox link requesting others to login with their personal information. In response AISD gave phishing scam training to employees to be on the lookout for fake, unrecognizable email addresses and grammatical errors. AISD even did an audit, a fake phishing scam, to test the staffers. So, many employees were on alert for suspicious activity.

“We have had a lot of other phishing emails sent to us, so we just throw them away and don’t think much about them,” English teacher Terra Lyon said. “At first we thought it was fake. We didn’t think that could really happen.”

But their fears were confirmed within two hours of the first notification on Jan. 20 when faculty received two official, verified emails from both Dr. Wright and Principal James Hill informing current staff that their W-2’s had truly been released to the scammers.

“I threw my hands up in the air and immediately got angry,” biology teacher Desiree Good said. “It’s our information. We are about to get our taxes. We are about to have to file, and now you just gave all our information to someone else.”

In order to protect employees, the district is offering all affected current or past employees a free, one-year membership of Experian’s ProtectMyId Alert, a product that helps detect possible misuse of personal information and provides identity protection support. This service is provided by the district’s TASB Insurance.

With tax season rolling around, employees have an even further heightened sense of concern about fraudulent activity. Affected staffers admit they will have to diligently monitor their accounts this season, but also for rest of their lives.

“Now it is a concern forever,” Good said. “Nothing will ever really be in order because we will always have to be on watch. Next year refund season comes around. I’m still at Argyle. What’s going to stop someone from fabricating a new W-2 for year 2017?”

Unfortunately, the phishing scam is still far from fixed. Many employees have to spend upwards of three hours calling different banks, reviewing accounts and changing passwords. A letter informing substitute teachers and past employees was not sent out until Jan. 26, eight days after the initial release.

To effectively avoid circumstances like this in the future, AISD is planning on doing more audits and training with the staff.

“[We plan to] give more training to employees to watch for the email address,” Dr. Wright said. “Anytime you get anything that seems questionable ask people if looks strange.”

This post is subject to updates as the story progresses.