Email Phishing Scam Costs Manor ISD $2.3 Million

Three separate fraudulent transactions were made after phishing emails were sent to the Texas school district back in November.

Email Phishing Scam Costs Manor ISD $2.3 Million

A Texas school district fell victim to an email phishing scam, costing the district $2.3 million.

Phishing emails were sent to the Manor Independent School District (ISD) in November, leading to three separate transactions, reports ZDNet. Phishing is the practice of sending fraudulent emails or making fraudulent calls in an attempt to convince someone to hand over sensitive information or pay a fake invoice.

The content of the emails and who made the payments is not yet known. An employee discovered the scheme a month later, leading to the involvement of the FBI and the Manor Police Department. A press release from the district said the investigation is ongoing and there are “strong leads.”

“This is money taken away from the kids, and the school district’s funds, taxpayer money. Unfortunately, stuff like this happens all the time, it’s just usually not to this magnitude,” said Manor Police Sergeant Craig Struble. “They could use a similar email from somebody you know and trust, they learn information that way, maybe change a word or two so you respond with information. It could be a domain.”

Manor ISD is hardly the first district to fall victim to cybercrime, although phishing scams are less common than other types of cyberattacks. In 2018, Crowley Independent School District near Dallas lost nearly $2 million as a result of an email phishing scam. In April 2019, Scott County Schools in Georgetown, Ky., lost $3.7 million.

A report from the K-12 Cybersecurity Resource Center found there were 122 publicly disclosed cyberattacks at 119 K-12 public education institutions in 2018, averaging out to an attack every three days. Of those attacks, 15.57% were phishing scams (approximately 20). Below is a breakdown from the report of the types of cyberattacks schools experienced in 2018.

Report author Doug Levin maintains an interactive map of publicly disclosed K-12 cybersecurity incidents. Since 2016, there have been over 700 incidents, according to the map. Levin estimates as many as 10 to 20 times more undisclosed breaches occurred in 2018 within the education sector.

According to the Federal Trade Commission (FTC), phishing emails or text messages may:

  • Say they’ve noticed suspicious activity or log-in attempts
  • Claim there’s a problem with your account or your payment information
  • Say you must confirm personal information
  • Include a fake invoice
  • Ask you to click on a link to make a payment
  • Say you’re eligible to register for a government refund
  • Offer a coupon for free items

For more information on how to recognize and avoid phishing scams, visit the FTC’s website.

About the Author


Amy is Campus Safety’s Senior Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy’s mother, brother, sister-in-law and a handful of cousins are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.

In her free time, Amy enjoys exploring the outdoors with her husband, her son and her dog.

Read More Articles Like This… With A FREE Subscription

Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!

Get your free subscription today!

One response to “Email Phishing Scam Costs Manor ISD $2.3 Million”

  1. Kirk Walker says:

    You would expect school personnel to be trained to avoid phishing schemes. For that reason, I hope law enforcement is looking into the possibility of an inside job. It’s rather easy to claim ignorance when actually being in cahoots with the scammers.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Online Summit Registration Promo Campus Safety HQ