×
How AI is enabling cybercriminals to rob public schools
Written by
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

A school district recently fell victim to a sophisticated phishing attack where cybercriminals used AI to gather and weaponize publicly available information, leading to the theft of funds intended for a construction vendor.

The current threat landscape: AI tools are enabling cybercriminals to create more convincing phishing attacks against schools by automatically collecting and analyzing public information from district websites and documents.

  • Bad actors can now launch more sophisticated attacks with fewer detectable errors by using AI to process information from school board minutes, budget reports, and other public documents
  • The combination of AI tools and abundant public information makes schools particularly vulnerable targets
  • Cybercriminals can create highly convincing impersonations of legitimate vendors or staff members using accurate details harvested from public sources

Anatomy of a recent attack: A large public school district became a victim when criminals exploited their vendor self-service billing portal using publicly available information about construction contracts.

  • Attackers successfully posed as a legitimate construction vendor using accurate details about ongoing projects gleaned from public records
  • After gaining access to the billing portal, the criminals redirected payments by changing the vendor’s bank account information
  • The absence of functioning multifactor authentication (MFA) on the portal enabled the attack to succeed
  • A nearby district had suffered an identical attack months earlier, but legal restrictions on sharing cyber incident information prevented warnings from being issued

Key defensive measures: Technology experts recommend several critical steps to protect school districts from AI-enhanced phishing attempts.

  • Implementation of MFA across all district systems and portals is essential
  • External emails should be clearly labeled to help users identify potential threats
  • Districts should establish confidential channels to share information about cyber threats with other schools
  • Public information sharing should be limited, with sensitive details moved behind MFA-protected portals
  • Staff email addresses should be protected using internal filtering systems rather than posted directly online

Looking ahead: The evolving security paradigm: The combination of public disclosure requirements, limited cybersecurity resources, and restrictions on sharing incident information creates unique challenges for school districts facing increasingly sophisticated AI-powered threats.

  • This security environment requires a careful balance between transparency requirements and protective measures
  • Districts must evaluate their current information sharing practices while maintaining compliance with public disclosure laws
  • More sophisticated approaches to protecting public information may be needed as AI tools become more advanced
Anatomy of a Phishing Attack: How AI Helps Cyber Criminals Rob Schools

Recent News

New framework prevents AI agents from taking unsafe actions in enterprise settings

The framework provides runtime guardrails that intercept unsafe AI agent actions while preserving core functionality, addressing a key barrier to enterprise adoption.

Leaked database reveals China’s AI-powered censorship system targeting political content

The leaked database exposes how China is using advanced language models to automatically identify and censor indirect references to politically sensitive topics beyond traditional keyword filtering.

Study: Anthropic uncovers neural circuits behind AI hallucinations

Anthropic researchers have identified specific neural pathways that determine when AI models fabricate information versus admitting uncertainty, offering new insights into the mechanics behind artificial intelligence hallucinations.