Texas school district falls for email scam, loses $2.3M

Cybercriminals have scammed a Texas school district out of $2.3 million by using a phony email.

The Manor Independent School District lost the hefty sum as a result of a phishing email scam, the school district said in a statement last week. Details on how the scam was perpetrated are not clear at this time, nor is whether the money has been irretrievably lost.

The Manor, Texas police department and the FBI are investigating the incident, the statement said, adding that the investigation is ongoing with “strong leads."  The school district is also appealing to anyone with information to contact the police.

RANSOMWARE HITS CRISIS LEVELS AS ANOTHER COMPANY CAVES TO CRIMINALS

Three separate fraudulent transactions occurred in November, according to a local report, citing police.

The Manor school district has yet to respond to a Fox News request for comment on the status of the investigation.

Phishing email typically tries to get the victim to click on a malicious link in order to execute an attack, but that may not even be necessary. Attacks can also happen through a plain text email intended to fool the recipient to commit a wire transfer or send sensitive information, according to comments previously provided to Fox News by Barracuda Networks.

Cybercriminals score big

Cybercriminals reaping large sums is becoming more common in the wake of a wave of ransomware attacks in the U.S.

One of the most recent large hauls was from Sherwood, Ark.-based The Heritage Company, which had to temporarily shut down operations after making a ransom payment of “hundreds of thousands of dollars” to the criminals behind the attack.

Heritage's CEO Sandra Franecke "broke the news in a letter to her 300 employees that the 61-year-old firm would suspend activities,” Fox16 previously reported.

Employees were told on Jan. 2 to call to find out whether they should report to work or not, Fox16 added, citing the letter from Franecke.

HOW TO SPOT A HIDDEN WEBCAM

Heritage was eventually "forced to pay the crooks to get the ‘key’ just to get our systems back up and running," according to the letter, which also noted the company's IT department has been struggling to bring its systems back up.

“Paying a ransom and not receiving an effective decryptor key is one of the primary reasons why law enforcement and cybersecurity pros warn against giving in to a ransomware attacker’s demands,” according to SCMagazine, a cybersecurity news site.