Email Hackers Impersonate Principal
November 26, 2018
Various Google accounts have continuously impersonated Principal John Walker’s email since last fall, sending frequent emails to staff asking for personal information such as passwords. The most recent email, sent on October 29, asked teachers to purchase an iTunes gift card for him.
Walker said he knows of at least 4 occasions where these phishing schemes have occurred.
Site support technician Brendan Kearny said these impersonations happen when “people trying to steal identities or trying to gain access to our information create a Gmail that impersonates John Walker and sends it out to all of the staff hoping that they can get them to respond.”
According to Walker, the impostors include the phrase “CHS head of school” to make the emails seem legitimate to faculty.
Science teacher Patrick Wildermuth received his 1st fake email on October 29. According to Wildermuth, the email “asked if I was available and I wasn’t at school that day and I thought, ‘Well, that’s kind of weird.’ He can look at the schedule and know I’m not if I was at school because it was 7th period.”
After replying “Is there anything I can do by email?” to the message, Wildermuth received another email asking him to purchase an iTunes gift card. It read: “Can you help me get an iTunes Gift Card from the store right now? I will surely REIMBURSE you back today once I’m done with the meeting.”
At this point, Wildermuth was suspicious. “Reimburse was in totally capital letters and then I thought, ‘Okay, that’s really not him,’ so evidently there was some phishing scheme,” he said.
Wildermuth reported the incident to the tech department and deleted the email. “I haven’t gotten another one. That was the 1st one I’ve gotten, but evidently, teachers have gotten them earlier,” he said.
Once Walker was notified of this specific incident, he said he thought, “Oh no, here we go again, because it wasn’t the 1st time that it’s happened.”
According to the tech department, it is almost impossible to block the impostor. “Sometimes we can block it if it’s coming from a particular domain that we are able to block but a lot of times it’s coming from a Gmail or a Google account and if we block that domain, that means we block all of Google images, our email, and Google drive and docs and everything else,” said Kearny.
According to Kearny, the school used a Microsoft Exchange email system until it switched to Google. Since that transition, the impersonations have been happening more and more because staff email addresses are more visible when they’re on Google.
The fake emails have also become more frequent recently because “in general, those people are ramping up and doing more of that stuff, trying harder to steal people’s information online,” said Kearny.
To ensure that all staff members know of the phishing schemes, Walker said, “I keep having to remind the staff members to make sure that any email from me is coming from the auhsdschools.org domain.”