From Multi-State Information Sharing and Analysis Center (MS-ISAC), 12/4/17
“The MS-ISAC has seen an increase in cyber threat actors sending phishing emails to K-12 public education employees for the purposes of obtaining account login information. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.
Historically, the MS-ISAC has seen this attack target the education sector and universities in particular. Though universities are still targeted, the MS-ISAC is currently seeing an increase in K-12 school incidents.”