Jack Janczyk ’28
In late September, a phishing scam targeted email inboxes across the EA community in an escalation of recent cyber attacks against the school.
The email revolved around a work opportunity, a flexible part-time job requiring 90 minutes of work every day for a weekly salary of $550. Everyone interested was asked to fill out a form that asked for sensitive personal information.
A phishing scam is a common hack that attempts to trick a user into clicking a link. Just by clicking, the user is then vulnerable to having malware downloaded onto their computer, although more commonly hackers then try to get the user to input personal information. Despite the fact that it was a complete scam, however, some students were unaware of the illegitimacy of the email and filled out the form anyway, raising questions about EA’s cybersecurity defenses.
sent out a fake job listing to try to gain access to personal credentials.
Photo courtesy of Lilly Smolenski ’27
While most students were apprehensive of the email, some were intrigued by the $61 an hour prospect and began filling out the form. Austin Tinsley ’28 shares his initial reaction to first seeing the email, saying, “I was shown the email by a friend, and my initial reaction was just shocked. Sending a job application to high schoolers and middle schoolers — I think it’s fairly obvious. It’s not a real email.”
There are a number of key signs that can reveal the true nature of a suspicious email. Phishing scams commonly contain spelling errors and lack specificity. “I think about who’s sending me an email and what is in the email,” shares computer science teacher Matthew Davis. “If I’m not expecting an email from this person, then it’s probably not a legitimate thing. The other thing is, when you clicked it, it was trying to get your login, and it’s when you hover over a link, you can check where it’s taking you. You don’t have to click it to see where it goes. I always check the little preview to make sure that this is something legitimate.”
An especially dangerous part of the email was that it was sent from an EA google account. Generally, students treat EA emails with a higher degree of confidence and don’t expect these emails to be scams.
So how did the scammer even get access to an EA email in the first place? Tech support member Carlos Almonte has some insights, saying, “I think they got their credentials through a link. So, they send the student something, and click on their credentials. That’s how they got access to their Google account, and once they got access to that, they moved from there and sent it to everybody.” Almonte’s insight emphasizes the importance of online safety and how one mistake can put a whole community in jeopardy.
The email is part of a larger trend — both at EA and across the nation — of an increasing prevalence of cyber attacks. Hackers from across the world have attempted ransomware attacks against US companies. Even the EA community has been targeted; both the Episcopal and Escholium websites were recently the subjects of cyberattacks.
The incident has raised questions about what EA can do to better deal with cyber attacks in the future. As Almonte says, “schools have been a really big target lately.” Students are bound to click on links they shouldn’t, even when it’s accidental, they oftentimes don’t know better.
EA also tries to educate students about online safety through its school curriculum. “I think this is something we do in computer science classes; we try to talk about these concerns and get people to understand how it happens. I think particularly with the rise of AI, it will get increasingly difficult to determine what information is real and what information is fake,” shares Davis.
EA is making a conscious effort to prevent such incidents from happening by educating students and quickly eliminating the threats. Thus, the onus now lies on the student. Especially with the recent targeting of schools and the increasing prominence of AI, now more than ever, students must be cautious and extremely safe when faced with online abnormalities.
