A phishing scam, an online hacking technique designed to steal people’s personal accounts and information by sending emails claiming to be from a reputable company or source, infected millions of computers worldwide and at Cathedral Catholic High School on Tuesday as IT professionals scrambled to remedy the electronic subterfuge.

The attack duped Dons into thinking they were receiving an invitation to a Google Doc, an online document sharing and editing service, from a fellow classmate, teacher, or colleague. When opened, hackers then potentially received access to private contact lists.

“Our community was affected because ‘cchsdons.com’ is a Google domain and anyone who has a Google domain was affected,” CCHS Director of Technology Mr. Dustin Nies said.

This scam was more sophisticated than normal phishing scams because the hacker(s) made an app disguised as Google Docs in order to receive authentication from accounts rather than usernames and passwords, according to CNET, a website focused on technology reviews, news, and forums.

“At first, I received an email from a vendor saying his email was compromised, and then I started receiving the emails myself,” Nies said. “I quickly reported it to the main office, who then announced over the intercom telling students to delete the email.

“However, Google had removed the fake app within 30 minutes of starting.”

Some members of the CCHS community opened the scammer’s fake Google Doc, and in doing so, forwarded the fraudulent email to all contacts on their specific contact list, widening the scope of the scam to more teachers and students.

“I opened the Google Doc thinking it was from a teacher,” CCHS student Jaden Bueno ’18 said. “Then, it installed something on my iPad, but nothing else happened.”

Google Docs quickly notified its users through its Twitter account, tweeting that security actions are disabling the accounts and pushing Safe Browsing, a program warning users of harmful websites and navigating them back to safety as a way to prevent these scams from recurring.

Many experts are asking why the specific hacker went through so much work to bypass Google’s impressive firewall to only receive people’s email contacts? Theories include selling the small amount of data received or tagging the emails that opened the document as susceptible users for a future scam, Mr. Nies said. 

In a time of a technological uprise, people are urged constantly to safeguard themselves from viruses and to educate themselves on how to protect against internet scams.

The CCHS technology department uses many security tools, such as firewalls, intrusion prevention, contact filters and more anti-malware software, to protect the CCHS community from electronic breaches.  

Faculty, staff, and students can utilize many internet safety tips, including securing their passwords, signing out on devices, checking security settings on accounts, and updating anti-malware software, to protect their devices, according to Google’s Safety Center to Prevent Cybercrime.

“Always be cautious when opening things, especially if it’s not something you are expecting,” Nies said. “Carefully examine it, but if you are questioning opening something in any way, then don’t open it.”