Over the summer, students’ and staff’s Gmail inboxes were greeted with the blue, underlined phrase “APPLY HERE,” enticing them to apply for a part-time job.

The unsuspecting few who clicked the link for a chance to earn $450 for three hours of work were taken to a Google Form that asked for their name, phone number, date of birth and other identifying information.

“It’s the first time I’ve ever seen anything like that,” principal Craig Weinreich said. “I had students from other schools emailing me and saying, ‘There’s a Sunny Hills student trying to get money from me or do something.’”

Unknown individuals gained access to Fullerton Joint Union High School District [FJUHSD] student emails using them to send fake applications under the guise of being a fellow student or staff member. 

Despite the district-wide security breach, no official information has been released or emailed out, and Weinreich said most people likely deleted the email from their inbox.

“There wasn’t a huge impact over the summer,” the principal said. “There weren’t a lot of people that reached out to us and said, ‘This is an issue.’” 

He said there are no specific resources to “look into those things” on campus and that the information tech [IT] department is in charge of investigation in these situations.

“It’s hard over the summer because not everybody’s here, and there’s nobody to come talk to or kind of figure out some of those things,” Weinreich said. “[But] we’ve got a very robust IT department that does a lot to protect things, especially from a cybersecurity perspective.”

Site tech Anthony Jara said the emails likely have no clear purpose aside from collecting data, and though they aren’t targeting people, they’re still trying to harvest personal information. 

“One of the big things that people don’t realize is that people’s data, as simple as your name, your height and what you like can be sold for many, many dollars,” Jara said. “It’s not always for nefarious reasons… [but] sometimes there are people who are trying to use your email address to access your account to get your password and start sending emails as you.”

He said the tech department has already put a lot of protection over the student emails, including Google’s built-in spam and phishing filters, Barracuda Networks’ spam filter and the KnowBe4 extension to quarantine suspicious emails and alert administration.

“So in those kinds of instances, it’s not that we don’t necessarily care, but it’s very, very low on the totem pole,” the site tech said. “In education, the totem pole is a little bit higher because it’s your data, so we have to be extremely diligent on anything and anybody that’s trying to get your information.”

Senior Sophia Gentile said she suspected it was a scam from the start, but realized how suspicious it was after getting the email multiple times.

“The first time, I wasn’t looking for a job, so I didn’t really care, but then the second time I knew something was wrong and deleted the email; I should have blocked it, honestly, because then I got a third one,” Gentile said. “I think the district should look into where the email was sent from and what exactly it’s trying to accomplish.”

Though most students were quick to question the opportunity and remove the email, senior Benjamin Kim initially thought it was real. 

“I thought this was a job given by the school, or maybe the school supports this job and wants to give opportunities to students to make money,” said Kim, who saw the email in his inbox in July 2025. “So obviously, I thought it was a good thing and I thought it would be safe.”

He said he realized it was suspicious and potentially unsafe as he was filling it out because he noticed it was asking questions about his personal information, and said he asked his dad to call the district.

“From what I heard, he called the school district, and the school district was like, ‘Yeah, this is a scam,’” the senior said. “They were saying they don’t support this, they don’t know anything about this and they’re getting calls from other parents as well.”

He said he received another email a few weeks later, and he ignored it that time. 

“I feel like the school should let us know ahead of time that something like this is happening,” Kim said. “They should just address it publicly, saying that this is not safe.

As of now, Jara said most of the scam emails have been removed by the district technicians. 

“Our district technicians have the ability to go into mailboxes and deem anything as not usable or malicious, and that also comes from tools from Google, because as a parent company, it includes Google to make sure that we aren’t doing anything bad and it’s not going to affect them,” he said. 

Jara also said that a broad alert from the administration is unlikely since the situation doesn’t seem to be an overwhelming issue, especially considering that he has only received a few tech tickets and reports about the scam emails.

“Certain things won’t be [disclosed] because there’s really no need to scare,” Jara said. “And if it’s not anything that is important to the masses, no need to bring it up again, just delete, delete, delete.”