Office identifies audit emphasis areas for school districts

Colorful Metal Lockers

School districts have asked the State Auditor’s Office for advance notice of what areas upcoming audits will emphasize. The following list identifies areas auditors might focus on to help districts prepare for audits examining fiscal year 2017. These areas are general in nature, and as always the specific areas audited will be determined by a risk-based analysis. Local audit teams also are available all year to answer technical questions and point to additional guidance on specific audit areas. Continue reading

School district alert for phishing email attack

During the week of January 9, 2017, malicious hackers conducted phishing attacks from multiple school district employees’ email accounts.

What happened? 

Hackers gained unauthorized access to work-related email accounts belonging to employees of multiple school districts, presumably by having the login name and password of the email account.

The hackers used the employees’ email accounts to send phishing emails to people with whom the employee had previous email contact. The message included instructions to click on a link to open a website. The website directs the email recipient to enter account credentials (email address / user name / password / phone number).

The hackers are also monitoring the victims’ email accounts and are responding to replies from recipients of the phishing email confirming the original request to click on the website link. In some cases, the hackers used the employees’ email signature to make the message appear more authentic. Continue reading