Phishing Scams Spreading at Schools — How to stay safe (Part 1 of 2)

Many other schools are currently being targeted by phishing scams that are spreading quickly. These emails look real — often pretending to be from the Head of School, CFO, Board Member, or even from a compromised colleague’s account. No matter the source, the goal is the same: to steal passwords, money, or sensitive data. Protecting yourself also protects the entire school community.

Criminals ramp up these attacks during busy times like the start of school, and we’re already seeing a rise in successful attempts. Here’s how to spot them, and how to react, before it’s too late:

✅ Three Quick Checks Before You Click

  • 👤 Sender: Do you know them? Were you expecting this email?

  • ⚠️ Urgency: Does it demand immediate action or sound unusual?

  • 🔗 Links: Hover before you click. Does the address look right?

🚫 If Something Feels Off

  • ⚠️ Don’t click: Don’t reply, don’t follow links, don’t open attachments, don’t enter your username, password, or one-time code.

  • 👤 Contact and confirm: Call or text the sender at a known good number (don’t reply to the email — the account may already be compromised).

  • 🗣️‼️ Report it: Leverage your school’s system for reporting phishing emails (e.g. click the “PhishER” fish hook if you have one) or forward the email to support.

🆘 If You Already Clicked

Contact OunceIT or your school’s IT support immediately. We will help secure your account. There’s no shame in reporting it quickly; these scams are designed to fool even careful people.

⚠️ The Risk if Scammers Succeed

  • 💰 Money: Phishers (criminals!) will swipe your credit card number, gain access to your bank account, or intercept a payment or money transfer. They may even be able to extort you or the school by ransoming your data! 

  • 🤫 Passwords and sensitive info: Phishers (criminals!) will obtain your passwords and access additional accounts, including accounts with sensitive information and financial records

  • ✉️ Forward the attack: Phishers (criminals!) will use your email account to attack your contacts including co-workers, friends, and family.

Please continue on to Part Two of this two-part post to see some specific examples of phishing emails that are currently circulating. Remember, criminals who are making these phishing attempts are improving daily, and their attempts are getting more insidious and difficult to identify!