The Manor Independent School District in Texas is investigating a cyber incident that inflicted a loss of $2.3 million because of an employee opening an email and failing to notice anything “phishy.”

A tweet sent January 10 by Manor ISD revealed that local and federal law enforcement were investigating a cyber incident that caused the school district to lose millions of dollars to an anonymous hacker. A press release issued by Manor ISD on the same day (screen capture below) reveals the incident involved a “phishing email scam” that caused the school district to lose “approximately $2.3 million.”

Investigators allegedly have strong leads in the case but have yet to catch the perp.

Manor ISD security notice

The phishing email was sent to multiple people at the school district in what can be called a spray-and-pray attack, where the hacker doesn’t target a specific person, but rather hopes that one will take the bait. In the case of Manor ISD, someone did, reported local news station KSAT.

According to the ABC-owned news outlet, investigators say an unwary staffer responded to the request to wire the money after failing to notice that “the bank account information was changed and it was being sent to a fake bank.” The money was wired in three separate transactions, the report also notes.

While most cyber incidents reported in the news involve troves of data being stolen or encrypted with ransomware, phishing scams are equally damaging and perhaps even more menacing. In fact, most data breaches begin with a phishing email that tricks one unwary employee, who then compromises the company’s infrastructure.

More than a third of infosec professionals participating in our Hacked Off! report last year said the best way to defend against advanced cybersecurity attacks is “to provide adequate training.”

Bogdan Botezatu, Director or Threat Research at Bitdefender, agrees:

“This is proven by the fact that organizations providing info security training & support are better at detecting attacks quickly, and are more efficient at isolating them,” said Botezatu. “In addition, cybersecurity executives are placing increased emphasis across next-gen security solutions and network traffic analytics to keep their organizations safe and secure.”