72° Good Evening
72° Good Evening
Long Island

'Phishing' reply snarls Commack school emails

Dozens of parents in the Commack school district have called teachers and administrators in the past few weeks to ask why their emails with various inquiries have gone without a reply, school officials said this week.

The issue stemmed from a problem with the district's email system that surfaced about three weeks ago and caused outgoing emails to be blocked by many major email providers, Dino Vassino, the district's information systems director, said Monday.

An unknown employee who is among the district's 1,500 email users inserted his or her username and password into a so-called "phishing" email -- a type of email that attempts to acquire personal information, often for the purpose of identity theft, he said.

That resulted in thousands of spam messages being fired out through the district's domain in a single day.

The district recognized the problem within 24 hours, Vassino said, but not before the district's domain had been added to a handful of anti-spam blacklist services -- such as The Spamlist Project and SpamCop.

That meant many of the district's emails were not transmitted to recipients, and in some cases bounced back to their senders.

District officials had their domain removed from most blacklists as of this week, but remained unable to send email to people -- parents and students -- who use Gmail, Verizon and Outlook.

"Gmail is the most important, because a good chunk of our community members use it," said Vassino, who estimated that at least one-quarter of about 5,000 families in the district use the provider. "There might be other miscellaneous ones blocking emails, but we won't know unless a parent contacts us to complain."

The district, in an announcement on its website, recommends that parents include a phone number in their emails for the time being, so that school staff can respond "as quickly as possible." The district was unable to determine which employee replied to the phishing email, Vassino said.

Representatives of Google, Verizon and Outlook, in response to questions, all said via email that they had reached out to the district and were working to resolve the problem.

Google had rectified the situation with its Gmail accounts by the end of the day Monday, Vassino said Tuesday.

In the Levittown school district, a similar phishing problem occurred last month, and the district resolved it in a few days.

"There is no easy way to remedy the issue. Each company seems to have different methods for getting off the naughty list," said Todd Connell, Levittown's director/IT manager of computer and media services. "The most important part was tightening [the district's] spam filter policies to prevent it from happening again, and alerting the users to keep an eye out for the fake phishing messages."

Latest Long Island News