Always a Voice for Students

Imua ʻIolani
Always a Voice for Students

Imua ʻIolani
Always a Voice for Students

Imua ʻIolani
Categories:

Scam Alert: How a Hacked Account Nearly Fooled over 100 ‘Iolani Students

Alessia P., StaffMay 19, 2025
Mr. Scott Weaver
The above phishing email which posed as a job offer was sent to 2,000 students, faculty and staff.

 Whether it be to reach out to a teacher for an extension or receive the SAO announcements, emails are something we read every day. Sometimes, however, these emails could be scams, which happened to be the case for the ‘Iolani community last March. One student’s email got hacked and sent around 2,000 emails to students from grades 4-12 and faculty and staff, inviting them to fill out a form for a job application. Imua sat down with Mr. Scott Weaver, Director of ITS, who explained the importance of being able to identify phishing– a type of online fraud where scammers impersonate trustworthy sources in order to extract personal information from you–and understanding the dangers of these scams so that we can protect ourselves in the future.

On March 28, 2025, at midday, an email was sent from a hacked student’s account. It included a job application that offered $499 a week, for only 1-3 hours a day, for three days a week. This email reached the inboxes of a multitude of the student body as well as faculty members. 537 were sent to faculty and staff (including those who have retired), while 1,117 emails were sent to 9th to 12th grade students. 408 7th and 8th graders and 11 Lower Schoolers also received the message. These emails predominantly targeted juniors and seniors. 

Mr. Weaver explained that what these scammers did was scrape the ‘Iolani directory for everyone’s email and sent 5 separate emails to about 2,315 addresses. 

Right after the emails were sent, Mr. Weaver shared, “I got some texts and emails from the administration. Thankfully, I was home at the time and what I did was go into the inbox of the hacked student and remove [the email].” Mr. Weaver explained that he was able to contain the compromised account within eight minutes of the first email that was sent, and all the emails sent to the students and faculty were deleted within 12 minutes of the first email. 

This may raise questions on whether or not ITS is breaching your privacy and reading everything in your inbox. Mr. Weaver wanted to assure everyone that ITS is not looking through your emails. They will only access inboxes in rare and serious situations—such as when a major issue arises involving the safety, privacy, or personal information of students. “What we can do is see that an email from a person was sent to another person on this date with this subject.We can see how many emails were sent in a particular time frame, and in this case, it was very easy because we knew what the subject was, and so I ran a report on that so we could take action on it,” Mr. Weaver clarified.

ITS is not 100% certain how the student sender’s email was hacked, but Mr. Weaver believes that it is most likely a data leak from a website. 

The content of the email was about a job application that was willing to pay a lot of money for only a few hours of work. It included a link to a form that asked about bank accounts, phone numbers and more. Around 135 people clicked the link and filled out the form while others dismissed it as spam mail and ignored it. The question then is: how were some students able to identify that the email was a scam? 

Mr. Weaver answered: “It could be the fact that it came from a student, and it originated from a student’s email. At the bottom of the form as well, it mentions a copyright 2025 Job Board Trustee which is kind of strange because it sounds too corporate for a student to send.” 

Luckily, the form itself didn’t ask for too much personal information, but it did ask for some basics like a phone number. After the form was filled out, Mr. Weaver said that the next step was for the scammers to reach out to the individual via text message. At this point, students were able to recognize the true intentions behind the email and disregarded it, meaning that no one ended up getting their money stolen.

This incident serves as a reminder that even within the walls of our school community, cyber threats may still find a way in. But what exactly was the scam, and why would someone go through all the trouble of sending over 2,000 emails? At its core, this was a phishing scam. Mr. Weaver explained that this scam in particular was to trick people into sending money. “What they would do is they would send a fake check and want you to go out and buy gift cards,” Mr. Weaver explained. “Their motive is that ultimately, they want gift cards. They send a fake check, and then they get gift cards back. And if you fall for that, if you give them [the cards], then you’re out the money on the check that doesn’t cash. And there they get $500 or even $1,000 worth of gift cards.” In this case, the scammers didn’t ask for the gift cards immediately but instead tried to build trust by asking for basic personal information. But the end goal is always the same: to make money by exploiting people’s trust and urgency.

While this incident was certainly alarming, Mr. Weaver reassured us that the likelihood of something like this reoccurring is low. The situation was contained quickly, and ITS was able to remove the emails before any serious damage occurred. Although the email addresses of the students who filled out the form were exposed, Mr. Weaver explains that this isn’t as dangerous as it might seem. Due to previous data breaches and the public nature of school email directories, many of our student emails are already accessible — meaning anyone can technically write an email and send it to a student. 

So how do we protect ourselves from falling into traps like this in the future? Awareness and skepticism are key. If something sounds too good to be true– like getting paid hundreds of dollars for barely any work– it probably is. Always double-check with an adult, teacher or ITS if you’re unsure. Look out for red flags like unusual sender addresses, strange links or overly professional language that doesn’t match the context. ‘Iolani plans to enhance OneLogin security by analyzing the user’s login location and time to detect suspicious activity. Ultimately, while ITS can act fast when something like this happens, the best defense starts with us being alert, asking questions and thinking twice before we click.

View Story Comments
Print this Story
More to Discover
More in News
Kaito Shimamoto ’30 focuses on his schoolwork during lunch.
Pressurized Pencils: How Stressed Are Students in the Final Quarter?
Qingqing Chen ’27 experienced the Thailand earthquakes first hand during her stay in Bangkok on spring break.
Student Reflects on Experience of Thailand Earthquakes
For many students, course registration season always comes with a tinge of stress and nervousness.
Students and Staff Clash Over Course Registration Policies
Tate Uchida ’28 championed the Cuban communist and rebel, Che Guevara, who influenced the Cuban Revolution and the Cuban Missile Crisis. His face is on one of the most famous photos in the world, the "Guerrillero Heroico." Uchida and her partner won the final debate on April 22nd, 2025.
9th Grade March Madness History Debate 101: An Argument for the Ages
A parent helps a junior lay the mochisada batter onto the frying sheet.
‘Iolani Fair Adapts Despite Arrillaga Center Construction
Kaitlyn Sim ’25 is ready to present her project on the implications of Red 40, at the State District Science Fair.
‘Iolani Researchers Change Perceptions of Food, Caffeine, and AI in Healthcare
More in Showcase
The setup of the broadcast at an away game for the Boys Baseball team at Les Murakami Stadium.
Before, Behind and Ahead of the Screen: The Story of ‘Iolani Live
Small EK Fernandez rides like this miniature Ferris wheel were present at a large majority of the ‘Iolani Fair weekends.
Thrill Through the Ages: Reliving Great Memories from the ‘Iolani Fair
Chaplain Morehouse, a staple figure in ‘Iolani’s spiritual life, is pictured giving his final remarks of the day to the juniors and seniors during their weekly chapel service. At the end of every service, Chaplain Morehouse intones the Trinitarian formula, saying, “In the name of the Father, Son, and the Holy Spirit, amen.”
For the Students, By the Students; A Chapel Story
What's Worth Celebrating at Honors Day?
What's Worth Celebrating at Honors Day?
Bequeathments 2025
4. “Steroid scandal forces Raiders to forfeit basketball title” (2006). In 2006, Imua published an article claiming the Raiders forfeited their 2005-2006 basketball season victories due to a steroid scandal involving Kawika Shoji ’06. The satire included fabricated teammate quotes, joking, “The first sign of Kawika’s steroid use was his hair; the ‘fro was out of control.” Playing on concerns over performance-enhancing drugs in sports, the piece contrasted sharply with Shoji’s real-life volleyball career — competing for the U.S. men’s national team and earning a bronze medal in the 2016 Summer Olympics.
Volume 100: Imua Reflects on Beloved April Fools Tradition
About the Contributor
Alessia P.
Alessia P., Staff
Hi! My name is Alessia and I am a freshman. This is my second year at ‘Iolani and my second year in Imua. I initially joined this class last year because I love literature. I wanted to learn more about the journalism world especially after the fact that I finished watching Gilmore Girls over the summer and saw how Rory was part of her school newsroom. During my free time, I really like to play golf and hang out with my friends.