Email Security Incident hits NLCSD

The following information was released to the public on the New London Community School District Facebook page. Danville School District was attacked just a few days previously in the same manner. A school secretary there suffered the same fate. The email really looks legitimate because it implies that a Newsletter is being established by the school. If such a thing happens and you are suspicious, a phone call to the sender is the first step! The bad guys aided by Artificial Intelligence are on the move and billions have been stolen from unsuspecting internet users.

We are notifying the public of a recent email security incident involving the account of one of our secretaries, Kim Wagner (kim.wagner@nlcsd.org).

On April 24, 2025, a phishing message was sent from a staff member's school email to external recipients. After investigating the event, we confirmed that this incident was limited strictly to email access — no internal systems, student data, or district services were impacted in any way.

The method used appears to involve a sophisticated phishing technique known as a DKIM replay attack. In this type of attack, the perpetrator sends a forged message that passes standard security checks because it reuses a legitimate Google authorization notification. If a user is tricked into clicking the link and granting access, attackers can gain limited access to the email account without triggering two-factor authentication.

Our IT team acted swiftly to secure the affected account, revoke any unauthorized access, and perform a domain-wide audit to ensure no other accounts were compromised.

If you received this email, please delete it. Do not click on any links or provide credentials.

If you clicked on the phishing link, we recommend the following steps:

These steps are precautionary to ensure your account remains secure.