An email phishing incident in the Tamaqua Area School District three weeks ago could lead to more internet security protocols, board members learned during their Tuesday work session.

Superintendent Ray Kinder reported that the district was the victim of a phishing scam, which came in the form of a well-disguised educational email from Google.

The person who responded to the phishing attempt believed they were doing what they were supposed to be doing when asked by the administration, he said.

Kinder did not name the person, or say whether it was an administrator, teacher or staffer. The initial phishing attempt was emailed to several staffers, including himself, he said.

The scammers basically wanted control of the district’s email system, allowing them to send emails from the district, and send emails outside through the district system to students, Kinder said.

Some students did receive email, trying to get them to register for summer jobs and trying to solicit information from them, he said.

“We fortunately with work from our tech department were able to stop the bleeding rather quickly,” he said. “We were able to put some things in place to stop it from continuing.”

The district is also working with local police and the Federal Bureau of Investigation, which came in and met with the district’s tech department, Kinder said.

Investigators believe they received some good information from the district, and they may be able to learn more about the scammers, he said.

Kinder believes only a few people responded to emails sent out by the scammer after the initial attack.

The incident, however, has the district looking at additional internet security measures, such as multifactor authentication on devices as early as next year, he said.

MFA wouldn’t have stopped the initial phishing attack, Kinder said, but it would have stopped the next step in the process.