CrowdStrike has observed a notable rise in eCrime activities, particularly payroll business email compromise (BEC) that targets U.S.-based private schools. This simpler fraud technique involves threat actors impersonating school employees to alter direct deposit details to accounts they control, posing a significant risk to academic institutions as the school year begins. Threat actors use various online platforms, including Telegram channels and forums, to share detailed tutorials on executing payroll BEC campaigns, emphasizing the importance of obtaining staff directories and impersonating employees through spoofed email addresses. To mitigate these risks, organizations are advised to scrutinize "Reply-To" headers in emails, use spam filters to detect common BEC phrases, and employ separate platforms for payroll operations to reduce vulnerability to such fraud.