Phishing emails are not new, but the approach they’re taking may be unfamiliar to some victims. In a phishing attempt, a scammer sends out hundreds or even thousands of emails, hoping someone takes the bait.

Some of the most infamous phishing tactics are the so-called Nigerian prince emails, or messages that promise the recipient a share of the wealth if they’ll only help traffic a fortune out of the country. Those emails are so laughable that they’ve made their way into pop culture and entertainment media, but the truth of the matter is the current state of phishing attempts is anything but funny. Now that the general public tends to dismiss the ridiculous emails as fraud, scammers have had to evolve in order to continue to reel in their victims.

That’s why boss phishing or CEO phishing is growing in popularity. With a few simple hacks, cybercriminals can take over the boss’ email account, send it to all of his or her employees, and give them instructions to do something that compromises the network and gives the thieves what they want. Even better, there’s no need to hope for a nibble or two after sending out countless emails, since a boss phishing email tells a focused group of people to comply with the demand. What employee is going to ignore and delete an email from the boss?

That’s certainly the case for a New York school system who received two phishing emails, which then prompted an employee to turn over all of the teachers’ personal identifiable information—including Social Security numbers—to the scammers. This action came after receiving an email that appeared to come from the district’s superintendent. The school district has now sent out warnings to the teachers to be mindful of phishing tactics and to monitor their credit reports and accounts carefully for any sign of fraud. Another unnamed school district in New York has also reported receiving these phishing emails, apparently from their superintendent.

With the increase in awareness of scams, fraud attempts, and identity theft, cybercriminals have to get more and more sophisticated in order to keep up. At the same time, the tools the scammers have at their disposal—such as the ability to hack into an email network in order to send out message that appear to come from someone in charge—are also easier to come by, meaning they don’t have to have any specific hacking training in order to pull off these scams. Consumers have got to stay on top of the matter and protect themselves, mostly by remembering to never give out their personal information over email or online without knowing where it will end up.