A fake job offer sent from a real student's email account. That's one way phishing scammers are compromising Alpine School District student accounts, and the district is asking parents to help stop it before kids head back to class in August.
Alpine School District published a warning Friday, July 10, about what it called a "recent uptick" in phishing attempts targeting student email accounts across the 85,000-student district. The attacks aim to compromise individual accounts and then use that access to reach broader district systems holding student records, employee data, and financial information.
In the one specific scam the district described, an attacker used a legitimate, already-compromised student account to email other Alpine students about a job opportunity. Anyone who clicked the link risked having their own account taken over.
"Phishing attacks remain one of the most significant cybersecurity threats facing school districts (including Alpine) because they target people rather than technology," said Darren Draper, administrator of technology for Alpine School District.
Draper said a single compromised account can expose sensitive student records, employee information, and district financial processes. Successful attacks can also disrupt school operations, create financial losses, and consume significant staff time during investigation and cleanup.
What families can do
Scott Chandler, network security analyst for the district, laid out six steps families should take:
- Verify the sender's address before responding.
- Avoid clicking unexpected links or attachments.
- Use strong, unique passwords.
- Enable multi-factor authentication wherever available.
- Avoid accessing sensitive data on public Wi-Fi without a VPN.
- Keep software updated.
Chandler said phishing messages often manufacture urgency, claiming an account is locked or offering fake prizes to pressure recipients into clicking. His bottom line: "When in doubt, delete the email and ignore it."
A parent's role
Alison Pickens, an innovative learning coach for Alpine and parent of a 10th-grader at Westlake High School, said the conversation starts at home. She urged parents to talk with their children about slowing down before clicking, looking closely at the sender's address, and watching for spelling or grammar mistakes.
"Most importantly, let them know it's always okay to ask a trusted adult if something doesn't seem right," Pickens said.
District defenses
Alpine said it uses advanced email security filtering to block malicious messages before they reach inboxes, requires multi-factor authentication for staff, and monitors student and staff accounts for suspicious activity. The district asked families to report any school-related phishing threats directly to its information technology department.
The district has not disclosed how many accounts have been compromised or how many phishing attempts it has logged. No specific Alpine schools serving Draper were singled out in the warning.




