Phishing attempts are up in some Yuma and La Paz schools.
Phishing is when scammers send messages that look legitimate to trick people into clicking links or giving up login information.
On March 4, Arizona Western College issued an all-college communication about the increase.
“Over the past week, our ITSS team has been working around the clock to respond to an unprecedented ... increase in phishing emails across the College, including messages that appeared to come from internal accounts,” the communication read. “The incident involved a compromised account through a session-based phishing attack (not malware).”
AWC Chief Information Officer Scott Estes told KAWC that he’s unsure if he would have used the term “unprecedented,” but that the college sees these types of phishing attempts on a weekly basis.
“If I had to guess, we receive about two or three reports a week, and as we continue to tighten security around fake emails, [we] have to be mindful that as it gets tighter, it starts to block legitimate emails — so there is a fine balance,” he said.
Northern Arizona University–Yuma, which is also located on the main AWC campus, has separate technology, but Estes said he guarantees they see similar activity.
In La Paz, the Parker Unified School District reports that they’ve observed an uptick as well, with most attempts impersonating the school’s human resources department.
“We don’t call our HR ‘HR,’ so everyone knows it is a fake. They are instructed to report and delete without opening any attachments,” Superintendent Brad Sale said. “I have seen a few with acting like they are invoices or DocuSigns. In that case, we won’t open the DocuSign unless we have made contact with vendor prior to the DocuSign email.”
Sale shared that he once received an email from a trusted person, but it didn’t look right, so he sent them a separate email asking if they sent it. “The reply I received was yes, go ahead and open it. That made me suspicious. I didn’t open it and waited,” he said. “We received an email later saying their account had been hacked. The bad guys are getting better at their trade; everyone needs to be wary.”
KAWC reached out to each public school district in Yuma and La Paz counties, and did not receive reports of increased phishing from any others.
The Yuma Union High School District, which shares a technology team through an education consortium with Yuma School District One, responded that they have "been diligent over the past decade or more regarding both staying up to date on phishing attempts and keep staff trained and informed. Over the years, we have been trained on how to recognize potential phishing attempts and even are subject as staff to so-called 'tests.' All that said, we have not been made aware of any uptick in phishing. In a sense, we are always on high alert that educators can be targets."
Why Now?
According to the Yuma Police Department, phishing and other scams usually trend during tax season, but they don’t typically target schools.
“I personally haven't seen that often here,” Officer Hayato Johnson said. “It could just be, you know, sometimes there's security breaches and some of these hackers are smart; they’re very good at what they do and that’s why they do it.”
More broadly, however, the Cybersecurity and Infrastructure Security Agency (CISA) states that schools face a wide range of cybersecurity threats. Some of these may include nation-state actors. News reports have also highlighted increased cyber activity linked to Iran amid ongoing conflict with the U.S. Currently, CISA has issued advisories for nation-state threats from the Chinese, Iranian, North Korean and Russian governments.
Experts also warn that emerging technologies like artificial intelligence are making phishing more effective, dramatically increasing the speed and scale of attacks.
Although the exact causes for phishing activity in Yuma and La Paz aren’t known, AWC and YPD advise caution.
"Cyber threats don't take breaks, and neither can our awareness of them. Cyber security is ultimately a shared responsibility, and that's what this campaign is really about. No technical safeguard is foolproof without informed, engaged people behind it,” said Ashley Herrington, AWC chief of staff. “We want every student and employee to feel equipped and confident in recognizing threats because their awareness is genuinely our strongest line of defense.”
Staying Safe
At AWC specifically, the IT department has strengthened its email security posture by enhancing filtering systems, disabling click-through capabilities and expanding its safe attachments policies. The college is also launching a training campaign to help students and employees better identify and respond to cyberthreats.
CIO Scott Estes offered some advice for both AWC Matadors and members of the public:
- Be mindful of all communications, including emails and social media messages. Always verify senders—even if the message appears to come from family, friends, or trusted organizations—especially when the message is unsolicited or pressures you to act immediately.
- Be alert for the following common red flags:
- Unexpected attachments
- QR codes or links requesting login credentials
- Messages claiming urgency or confidentiality but written in an unusual tone
- Emails requesting MFA codes or password resets
- If anything appears suspicious, do not click.
YPD also emphasized that last point.
“The biggest recommendation we have is if it's not familiar to you, don't click on it, right? Especially if it's coming from an email address that you've never heard of, dealt with — refrain from clicking on it,” Officer Hayato Johnson said.
Because phishing and other kinds of scams attempt to steal personal information, Johnson said they can be reportable crimes.
“Anything where you provide personal information, and then you start suspecting it’s some kind of scam — you can report that to any law enforcement agency. Just because, let’s say, if your personal information gets out there, right? Social security card or social security number, date of birth, name — everything. There’s a potential for that stuff to be hacked and used for other scams in the future,” he said. “So that’s stuff that needs to be reported to Social Security, and the first step you’re going to have to take is filing a police report.”
Once a police report is filed, Johnson says individuals can provide their case numbers to a Social Security office and receive a passcode they can use whenever they need to legitimately provide a social security number. That way, an agency can verify that the real individual is using the number and not a hacker who had access to it in the past.
As for whether a suspected phishing link on a company or school email should be reported to law enforcement, Johnson advised sending it to your employer or school’s IT department. For a personal email, his advice to avoid clicking on links still applies.
Common Local Scams
Since scams trend upward during tax season, Johnson also shared some of the most common scams YPD has seen over the years. A lot of them target elderly citizens since they often have retirement pensions and larger savings.
Some of the most common scams people receive are calls from police impersonators who tell them they have a warrant that can be forgotten with a lump sum payment.
“Unfortunately, that's just not how things are ran within our court system,” Johnson said. “Number one, an officer is never going to call you to tell you you have a warrant, and then, two, ask for payment over the phone. Typically when you get warrants, they get issued by mail, and then you actually have to come to a courthouse to settle that warrant.
“A lot of these older folks, they fall into that trap and they'll—some will deplete their whole life savings thinking that because they pay this lump sum, this warrant — which never even exists — will be squashed and they no longer have the police looking for them.”
In these situations, Johnson recommends hanging up and reporting the incident to local law enforcement.
Another common scam involves using game store cards or prepaid cards as payment — even as payment to squash a warrant.
“That's just another way for them to receive money without it being traceable,” Johnson said. “So if these people are staying on the phone with you — which they will, they'll literally stay on the phone with you while you're driving to the store — they'll tell you what gift cards to pick up. They'll tell you how much to put on them, and then they'll have you either mail it via money order or take those cards to USPS and ship them off to a random address.”
For younger folks, including U.S. Marines, a more frequent scam is blackmail after soliciting nude images.
“They'll claim to be somebody they're not. You know, typically it's a female that's trying to egg on or build trust with a guy, and then what they do is they'll ask for some private photos,” Johnson said. “And, you know, once they finally get sent through, all of a sudden they try to blackmail them, and a lot of Marines lose money over those scams as well.”
His advice? Don’t send nude or private photos.
“There's so many cybercrimes out there, and most of these suspects, they live in third world countries where, you know, we can't really trace them,” he said.
Bottom Line
“Cybersecurity awareness must remain an ongoing effort. The cyber threat landscape is constantly evolving, and bad actors continue to become more creative and sophisticated in their attempts to gain access to sensitive information,” AWC CIO Scott Estes said. “While our systems may be secure at the moment, maintaining strong defenses requires continuous vigilance.”
Whether it’s via call, email, direct message or some other format, AWC and YPD advise the public to be discriminating with the information they share. If it looks remotely suspicious, think twice before even clicking on a link.
“If it's something you've never seen, never dealt with, it's worth taking your time to do a little research on it than just jumping into it, answering a bunch of questions, people you don't know; it can really save you a headache in the long run,” Johnson concluded.
Reporting for this article is supported by a grant from the Arizona Local News Foundation.
Note: Arizona Western College is KAWC's license holder.
