Back to the blog
Technology

Unmasking the Imposters: Overseas Scammers Target US Schools with Fake Websites

StrongestLayer uncovers a sophisticated phishing campaign where an overseas actor creates fake elementary school websites to target US families, aiming to steal personal data for online course and admission scams. Read our in-depth threat research on how these imposter sites operate and how to stay protected.
May 7, 2025
Safwan Khan
3 mins read
Table of Content
Subscribe to our newsletter
Read about our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

In an increasingly complex digital world, threat actors are constantly devising new ways to exploit trust and deceive unsuspecting individuals. StrongestLayer's advanced threat detection capabilities have recently identified a sophisticated impersonation campaign targeting elementary schools across the United States. This operation, orchestrated by an overseas actor, involves the creation of convincing imposter websites designed to siphon personal information for fraudulent activities, primarily online course and admission scams.

This report delves into the mechanics of this deceptive campaign, revealing how a single entity systematically created a network of fake school websites, and underscores the critical role of proactive threat intelligence in neutralizing such threats before they impact communities.

The Anatomy of the Scam: A Pattern of Deception

The investigation, spurred by StrongestLayer's initial discovery, examined four pairs of legitimate and imposter school websites. A clear pattern emerged, showcasing the threat actor's methodical approach to impersonation:

  • Adamsville Elementary School: The imposter site (adamsvilleelementaryschool.com) mirrored the real school's name but featured a fraudulent email (administracion@...) and omitted the real phone number, while copying the physical address with slight modifications and even including the legitimate NCES School ID to appear authentic.
Real Adamasville Elementary School Website
Fake Adamsville Elementary School

  • Blount Elementary School: Similarly, blountelementaryschool.com used a fake headteacher@... email, lacked a phone number, and presented a slightly altered version of the real school's address, also displaying the correct NCES ID as a deceptive tactic.
  • Caddo Hills School District: The imposter caddohillselementaryschool.com went a step further by listing a suspicious international phone number (050377000126) and a generic administracion@... email, while completely omitting a physical address—a significant deviation from the legitimate school's detailed contact information.
  • Boaz Elementary School: The imposter boazelementaryschool.com displayed a glaring operational security failure: its contact page bore the heading "Contact TIDIMALONG PRIMARY SCHOOL," a clear indicator of template reuse from an unrelated campaign. It too used a fake admin@... email and omitted the phone number, while slightly altering the real school's address.

Across all imposter sites, the strategy was consistent: replace legitimate contact channels with those controlled by the scammer, primarily email addresses designed for lead generation, while maintaining a facade of authenticity by copying other details.

Unmasking the Operator: A Single Actor Behind the Curtain

The technical evidence paints a clear picture: this is not the work of disparate, opportunistic scammers, but a coordinated campaign orchestrated by a single entity. WHOIS registration data for all four imposter domains (adamsvilleelementaryschool.com, blountelementaryschool.com, caddohillselementaryschool.com, and boazelementaryschool.com) is identical:

  • Registrant: MARTIN MARTIN, nenekkuoranghebat@gmail.com
  • Location: SAMARINDA, KALIMANTAN TIMUR, Indonesia
  • Registrar: CV. Jogjacamp (IDWebhost/ResellerCamp)
  • Name Servers: ns1.idwebhost.com, ns2.idwebhost.com

This consistency, coupled with the fact that three of the four domains were registered on the exact same day (February 21, 2025), with the fourth registered just weeks earlier (January 30, 2025), points to a deliberate and planned operation. The use of the same Indonesian registrar and hosting infrastructure further solidifies this link.

The Threat Actor's Playbook:

  • Strategic Impersonation: Carefully selecting real US elementary schools to exploit their established trust.
  • Convincing Domain Squatting: Registering domain names that closely mimic legitimate school names.
  • Targeted Lead Generation: Funneling inquiries through fraudulent contact details to capture personal data.
  • Deceptive Legitimacy Cues: Using real school addresses (with minor tweaks) and NCES IDs to bolster the fake sites' credibility.
  • Overseas Operations Base: Leveraging Indonesian registration and hosting to complicate attribution and takedown efforts.

The Ripple Effect: Potential Harm and Proactive Defense

While direct victim accounts for these specific domains were not publicly accessible during this phase of the investigation, the modus operandi aligns with common online scams that can lead to:

  • Financial Scams: Victims could be duped into paying for fake online courses or non-existent admission services.
  • Data Theft: Personal information collected can be exploited for identity theft or sold on dark web marketplaces.
  • Reputational Harm: The targeted schools risk damage to their reputation through association with these fraudulent activities.

StrongestLayer: Stopping Threats Before Impact

This campaign highlights the critical need for proactive, AI-driven cybersecurity. StrongestLayer's ZeroDay Detection Engine was instrumental in uncovering this network of imposter sites. By identifying and analyzing the underlying patterns and intent, rather than relying solely on known signatures, StrongestLayer effectively stops such threats before they reach and victimize users.

Recommended Actions:

  1. Official Reporting: Affected schools and relevant authorities (e.g., FBI IC3, FTC) should be formally notified.
  2. Takedown Requests: Abuse reports should be submitted to the domain registrar (CV. Jogjacamp/IDWebhost) and hosting provider.
  3. Public Advisories: Legitimate schools should alert their communities to these imposter sites.
  4. Ongoing Vigilance: Continuous monitoring for similar impersonation attempts is crucial.

Conclusion: The Power of Proactive Detection

The impersonation of US elementary schools by this Indonesian-based threat actor is a stark reminder of the evolving nature of online fraud. The systematic creation of these imposter websites, all linked by common registration and technical infrastructure, demonstrates a calculated effort to exploit trust for malicious gain.

StrongestLayer's early detection of this campaign was pivotal. It showcases how advanced, AI-powered threat intelligence can unmask sophisticated impersonation schemes, providing the crucial window needed to mitigate harm and protect potential victims. By staying ahead of attackers and identifying threats based on intent and behavioral patterns, StrongestLayer continues to fortify the digital landscape against such deceptive practices.

IOC'S

  • https://adamsvilleelementaryschool.com/contact-us/
  • https://blountelementaryschool.com/contact-us/
  • https://caddohillselementaryschool.com/contact/
  • https://boazelementaryschool.com/contact-us/

Related Posts

Illustration of employees using an AI‑powered magnifying glass and shield to detect phishing emails.
Technology

10 AI Phishing Simulation Scenarios to Test Your Team

Learn 10 realistic AI phishing simulation exercises to train your team in spotting modern attacks. From ChatGPT-crafted HR emails to deepfake CEO scams, we cover scenario details, why they work, and best practices for engaging simulations.
Employees using AI tools (magnifying glass and shield) to detect phishing emails
Technology

From Click to Shield: Transforming Employees into AI Phishing Hunters

Employee training for AI‑assisted scams: empower your workforce with real‑time phishing simulations and behavior‑based microlearning to outsmart AI‑generated threats.
Network of fraudulent financial nodes representing AI-powered scam networks
Technology

The Silent Epidemic of AI-Powered Financial Scam Networks: How Fraudsters Are Weaponizing Technology

AI-powered scam networks are transforming online fraud in the financial sector. Discover how cybercriminals use LLMs, fake websites, and rapid replication to deceive and evade traditional security defenses.
Diagram of layered email security shields demonstrating protection beyond Microsoft defenses
Technology

Why Microsoft Isn’t Enough: The Case for a Layered Email Security Approach

Why relying solely on Microsoft’s native email security leaves gaps in protection. Learn how a layered approach with advanced AI-driven solutions can provide superior defense against modern cyber threats.
Comparison of real vs fake website highlighting an AI-driven impersonation scam targeting finance
Technology

Decoding WebFake: The Rise of Automated Impersonation Attacks

StrongestLayer uncovers sophisticated AI-driven phishing campaign targeting financial institutions with perfect website replicas that evade traditional detection methods.
Checklist titled '10 signs' indicating the need for AI-powered phishing detection in a company
Technology

10 Signs Your Company Needs AI-Powered Phishing Detection

Learn the 10 signs your company should upgrade to AI-powered phishing detection to stop AI-generated phishing attacks. Discover real-world insights, benefits, and actionable steps to secure your email environment in 2025.
Cybersecurity dashboard highlighting an AI-detected phishing email outsmarting traditional defenses
Technology

AI-Powered Phishing Scams Are Outsmarting Traditional Defenses—Here’s How StrongestLayer Caught One in Action

In this blog, we analyze a sophisticated phishing campaign intercepted by StrongestLayer’s Zero-Day Detection Engine—an AI-powered system designed to identify emerging threats in real time.
Fake Microsoft sign-in page warning of a zero-day phishing threat
Technology

Zero-Day Microsoft Phishing Campaign caught by StrongestLayer is still largely undetected

This blog delves into the intricacies of this campaign, revealing how it operates and how cutting-edge solutions like StrongestLayer’s Recursive-Predictive AI Detection Model (Zero-Day Detection Engine) are countering these threats.
Screenshot of a fraudulent WalmartVisa.com site with warning sign indicating a sophisticated phishing scheme
Technology

The Threat Behind WalmartVisa.com: Analyzing a Sophisticated Phishing Campaign and StrongestLayer’s AI Detection

This article provides an in-depth analysis of how StrongestLayer’s AI-driven detection system identified this threat early, while traditional security platforms failed to do so.
Technology

StrongestLayer Pre-Emptively Intercepts AI generated Amazon Phishing Campaign

StrongestLayer has successfully intercepted a brand new, just recently created (literally the domains are being created for this campaign at this time while this blog is being written) in advanced AI-driven phishing campaign that seems to be in the phase of ramping up their domain acquisition and preparedness phase before the holiday season hits and the shoppers jump on to the big sales, specifically targeting Amazon shoppers.
Smartphone showing WhatsApp with alert icon indicating a zero-day phishing threat
Technology

How StrongestLayer Protects Against Zero-Day Phishing Threats Targeting WhatsApp Users

At StrongestLayer, we are meeting this challenge head-on with our predictive threat AI model, enabling organizations to detect and neutralize these threats proactively.‍
Illustration of AI-generated e-commerce cyber threat targeting enterprise procurement
Technology

Threat Intelligence Brief: AI Generated E-Commerce Cyber Threat Targeting Enterprise Procurement

The StrongestLayer Threat Intelligence team has uncovered a global, AI-driven e-commerce scam network that targets enterprise procurement departments and unsuspecting employees involved in purchasing.
Hijacked India Times website and Microsoft login illustrating a DNS flaw leading to a phishing scam
Technology

India Times Hijacked: How a DNS Flaw Led to a Microsoft Phishing Scam – Are You Secure?

Threat Intelligence discovered a phishing page hosted on the India times website, redirecting users to a malicious Microsoft login replica. This incident highlights the need for employees to be vigilant and prepared for the next cyber threat.
Office 365 interface with a clock icon, symbolizing quick AI-powered email security setup
Technology

Real-Time AI Email Security for Office 365: Setup in 5 Minutes

Experience the future of email protection with StrongestLayer. Our real-time AI Email Security solution for Office 365 is ready to deploy in just 5 minutes—fight phishing and BEC threats with cutting-edge technology that’s simple, fast, and effective.
Counterfeit logistics trucks and containers representing a deepfake supply chain phishing attack
Technology

Deepfake Logistics: AI-Generated Phishing Campaign Targets Global Supply Chain with Fake Logistics Brands

The cybersecurity landscape is evolving rapidly, with AI-driven phishing campaigns becoming increasingly sophisticated. 
Technology

AI-Powered Phishing Detection: Strategies to Combat Next-Gen Email Threats in 2025

Explore how AI-powered phishing detection is revolutionizing email security in 2025. Learn why traditional security fails, how advanced AI tools detect evolving threats, and actionable steps to protect your organization against next-gen email phishing attacks.
Technology

Cybersecurity 2025: Mastering AI-Driven Threats and Supply Chain Vulnerabilities

In this post, we outline the key cybersecurity risks anticipated this year and offer strategic solutions for creating resilient defenses.
Silhouettes of U.S. employees removing a mask from a phishing attacker to show resilience
Technology

US Employee Resilience: Unmasking Malicious Phishing Tactics

Malicious actors are hiding their identity behind redacted whois information and leverage publicly available cloud platforms to create, prepare, weaponize then redirect ultra realistic and relevant campaigns, evading detection.
World map dotted with thousands of malicious domain names found by investigating AI-generated brands
Technology

StrongestLayer uncovers 3 million malicious domains through investigating AI-Generated brands

This story began with an innocuous-looking domain encountered by one of StrongestLayer’s analysts during routine threat-hunting activities focused on zero-day phishing attacks.
Icons of a luxury car, job portal, and smartphone connected by phishing lines representing a hybrid scam
Technology

Global Hybrid AI Phishing Scam: Luxury Cars, Job Portals & Phone Fraud

StrongestLayer recently uncovered an extensive network of deceptive, AI-generated websites operated by a sophisticated phishing group.
Visualization of a multi-stage malware chain labeled 'PhantomStrike' neutralized by cybersecurity
Technology

Deconstructing "PhantomStrike": How StrongestLayer Stopped a Multi-Stage Malware Attack

Our LLM-assisted detection capabilities identified and neutralized this threat before it could impact our customers, demonstrating the power of AI-enhanced cybersecurity.
Red alert symbol over an email to illustrate detection of another undetected zero-day phishing scam
Technology

StrongestLayer Captures yet another Zero-Day Phishing Scam that remains undetected

In this blog, we’ll dive deep into a unique and sophisticated phishing campaign detected by StrongestLayer's Zero-Day Detection Engine, which uses generative AI-based hybrid threat detection models to identify novel threats in real time.
Report cover with AI graphics and world map illustrating zero-day phishing threat intelligence
Technology

StrongestLayer Threat Intelligence Report: Zero-Day Phishing Threats and Agentic AI Driven Detection

In this blog, we explore the rise of zero-day phishing threats, their dangers, and how StrongestLayer’s revolutionary agentic AI provides a cutting-edge defense.
India Times homepage URL bar unexpectedly redirecting to a fraudulent Microsoft login phishing page, illustrating a DNS-based hijack attack.
Technology

India Times Hosting Redirect to Newly Discovered Microsoft Phishing Page. Are Your Employees Prepared?

StrongestLayer Threat Intelligence had been encountering phishing traffic that was taking advantage of a mass mailing website called 'exactag.com,' where attackers continuously created new subdomains for nefarious purposes
Office building façade illuminated with a red warning overlay, symbolizing how Microsoft phishing campaigns can bypass security awareness defenses.
Technology

How Microsoft Phishing Campaigns Bypass Security Awareness: A Deep Dive into Advanced Threats

Traditional security awareness training often teaches users to analyze URLs and language and design inconsistencies in phishing sites. Attackers know this approach and continually evolve their tactics to bypass these defenses.
analyzing AI-driven dashboard comparing Business Email Compromise solutions in the AI era.
Technology

What Should US Based Enterprises Assess When Choosing the Best BEC Solution for the AI Era

AI-driven Business Email Compromise (BEC) attacks are rising in the U.S., heightening financial loss risks. These attacks target executives and finance teams.
Protective shield covering an email envelope symbolizing comprehensive defense against phishing
Technology

The Best Defense Against Phishing: Comprehensive Strategies for Businesses

Phishing is no longer a simple email scam; it has evolved into a sophisticated cyber threat capable of crippling businesses of all sizes.
security expert analyzing emails, representing human-driven phishing defense solutions
Technology

Top 7 Human-Driven Phishing Defense Solutions

While advanced technologies like AI and machine learning play a vital role in cybersecurity, human-driven solutions remain a critical component in defending against phishing attacks.
Futuristic battlefield with AI combat drones symbolizing cyber warfare risks in 2030
Technology

AI-Powered Cyber Warfare in 2030: Risks, Innovations, and Global Implications

The rapid evolution of artificial intelligence (AI) is poised to redefine the landscape of cyber warfare by 2030.
professional hand collaborating around a glowing digital shield, symbolizing a security-conscious culture driven by behavior change in 2025.
Technology

Reducing Cyber Risks Through Behavior Change: The Security-Conscious Culture in 2025

Despite decades of security awareness programs, many organizations still face challenges in achieving their intended outcomes.
Illustration highlighting vulnerability to Business Email Compromise (BEC) attacks in 2025.
Technology

The Complete Guide to Business Email Compromise (BEC) Attacks in 2025

BEC attacks are a major threat, using social engineering and email spoofing to trick employees into unauthorized transactions or disclosing sensitive data.
Chart rising with 'AI' and 'phishing' icons, depicting emerging AI-driven phishing tactics in 2025
Technology

Emerging AI-Driven Phishing Tactics in 2025 and How Enterprises Can Stay Ahead

In 2025, phishing tactics will be evolving at an unprecedented pace, primarily driven by advancements in artificial intelligence (AI).
Digital padlock with AI circuitry protecting a corporate network from AI-driven phishing threats
Technology

Mastering AI Security: Protecting Enterprises from AI-Driven Phishing

This blog delves into AI's transformation of phishing tactics and outlines strategies for enterprises to protect against these evolving threats.
AI neural network identifying a malicious email, symbolizing advanced phishing defense in 2025
Technology

How AI is Revolutionizing Phishing Defense in 2025

Phishing attacks target human weaknesses to access sensitive data, causing financial and reputational harm. AI is transforming this landscape by providing advanced tools to detect and counteract these threats.
Human and robot collaborating over digital code, symbolizing AI-human synergy in security
Technology

Cybersecurity in 2025: The Synergy Between AI and Human Ingenuity

In 2025, cybersecurity is evolving rapidly. Attackers use AI for complex threats, while defenders counter with AI-driven solutions.
Futuristic quantum circuit merging with AI, representing advanced cybersecurity against new threats
Technology

From AI Phishing to Quantum Risks: Mastering Cybersecurity in the Age of Intelligent Threats

In 2025, AI is reshaping cybersecurity, acting as both a protector and a threat.
Hacker figure with AI code background, representing AI-driven cyber threats exploiting innovation
Technology

From Innovation to Exploitation: How AI Fuels Cyber Threats

Throughout this blog, we’ll discuss the rise of AI-powered autonomous cyberattacks, their implications for businesses, and the strategies needed to defend against them.
robot brain showing light and dark sides to represent the dual-use AI security dilemma
Technology

Navigating the Dual-Use Dilemma: The Battle Against AI Misuse

Our goal is to empower leaders and security professionals with insights and resources to protect assets from emerging threats, ensuring innovation drives progress without increasing risks.
Training room with holographic AI instructor showing employees security awareness content
Technology

How AI is Transforming Security Awareness Training in the Modern Workplace

This blog explores how AI is revolutionizing security awareness training and why it’s crucial for the modern workplace.
Graphic illustrating the top industries—finance, healthcare, manufacturing, retail, and education—most vulnerable to business email compromise attacks in 2025.
Technology

Top 5 Industries Most Vulnerable to Business Email Compromise Attacks in 2025

Business Email Compromise (BEC) attacks have evolved into one of the most costly and damaging forms of cybercrime.
Boardroom meeting with a masked face on screen, illustrating the corporate deepfake crisis
Technology

The Deepfake Crisis in Corporate Realms: A Comprehensive Guide to Corporate Defense

This blog dissects the anatomy of deepfake threats, unveils cutting-edge defense tactics, and equips organizations to turn the tide.

Try StrongestLayer Today

Immediately start blocking threats
Download datasheetRequest a demo
Emails protected in ~5 minutes
Plugins deployed in hours
Personalized training in days
Home
Use CasesAbout UsThreat Research
Features
AI Email SecurityInbox AdvisorAI Generated TrainingThreat Intel SimBrowser ProtectionPre-Attack Detection
Resources
Customer StoriesFirefox ExtensionContact UsBecome a PartnerPrivacy Policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© 2025 StrongestLayer. All rights reserved

StrongestLayer, Inc. 1900 5th and 6th Floor, Reston Station, 1900 Reston Metro Plaza, Reston, VA 20190