CHARLOTTE, N.C. — Channel 9 learned hackers targeted Charlotte-Mecklenburg school employees and stole thousands of dollars from their paychecks.
A police report shows the total of money stolen amounts to $30,679.51.
In an email, a CMS spokesperson told Eyewitness News anchor Liz Foster, "The employees opened two phishing emails and provided their CMS passwords and login information. It is likely that the cyber criminal captured and used personal logins to change employees direct deposit bank accounts."
Those phishing emails are a growing issue Channel 9 just warned viewers about this week after an FBI notice.
“[Phishing emails are] very easy for the hackers to make en masse and then send them out," said John Britton, a cybersecurity expert with Rocus Networks.
A CMS official said the district has a range of data security protections and measures.
"Having the tools in place is great, if you can create the right procedures to stop things when they're seen, but if you don't have somebody constantly monitoring and updating that to meet the current threat level, you're never going to be able to keep up," Britton warned.
The Charlotte-Mecklenburg Police Department's cyber crimes unit is now investigating.
Britton said as investigators try to trace where the $30,000 went, CMS' finance staff needs to make sure all wire transfers are set up correctly.
"Even though we've seen $30,000 go out today, [it] doesn't mean there hasn't already been other transactions set up to go out at a later date," Britton said.
CMS is making sure those six employees still get paid, but whether the district will get the $30,000 back is another issue. Experts say hackers often move money to international bank accounts and may even spread that money across thousands of accounts.
CMS is starting new policies to prevent more employees from falling victim, including a highlighted alert now automatically inside all external emails.
A CMS spokesperson added, “CMS will respond to findings from the ongoing investigation based on guidance from law enforcement and security personnel.”
On Monday, the FBI sent a warning about crimes exactly like this.
The agency has seen it happen in the education field, as well as health care and commercial airlines.
Just as in this case, the hackers send an email that looks like it's from an employee’s human resources department.
It directs the employee to go to a website and enter login information.
The FBI cautions people: If you get an email you're unsure about, hover your cursor over the link so you can check the entire web address.
Read more top trending stories on wsoctv.com:
- TRACKING MICHAEL: Hurricane strengthening, could be Cat 3 at landfall
- Man accused of attempting to kidnap 2 girls in east Charlotte out of jail
- Authorities release new photos in case of girl who vanished 18 years ago
- WATCH: Keith Monday's Tuesday forecast outlook
- Many residents against proposed Matthews downtown development
Cox Media Group