Council on West Coast caught out by phishing scam

An internet scammer who managed to crack into West Coast Regional Council staff e-mail accounts has forced the council to beef up its cyber security and retrain staff to spot 'phishing' e-mails.

Phishing is a form of cyber attack where an apparently legitimate e-mail is sent with an attachment that, if opened, gives the fraudster access to the recipient's e-mail account.

But opening the attachment allowed the 'phisher' to get into their accounts and see contact lists, calendars and e-mails.

Planning and science manager Hadley Mills reported this week that scam e-mails sent to council mailboxes last month had compromised 10 e-mail accounts.

"On Wednesday 22nd July, a scam e-mail was received by a staff member that came from a source known to the staff member and claiming to have an attachment that was expected. The staff member then opened the message and entered valid login details into a fake website. The fake website then collected those details and allowed an external party to access our Outlook Web Access system as the staff member without drawing any attention," Mr Mills said.

The next morning, the staff member's account was used to send out further e-mails to their contacts including other staff and people outside of the council.

Warnings went out to all council e-mail contacts who could be at risk, including other councils.

"Because the e-mails came from our staff member and were not unexpected, this resulted in a further seven being compromised as other staff clicked the link and entered login details over the next day."

IT staff worked with affected staff to reset logins and get accounts working again, initially thinking the scam only affected one or two users, and all staff changed their passwords.

But five days later, the phisher struck again, targeting the account of a non-staff member who had not received earlier warnings.

"Unauthorised access was gained, and further e-mails sent. One of those recipients also compromised their account, bringing the total to 10."

The regional council's e-mail security systems had not kept up with changing threats, Mr Mills said.

"WCRC use a firewall with e-mail filtering capabilities which blocks an average of approximately 500 spam or scam e-mails each day. No system is perfect, however, and some still get through."

As a local government entity the council was at high risk of attack and IT staff had noticed a significant increase in scam attempts over the past year, Mr Mills reported.

"Our consultants are continuing to work through log files to work out what was accessed by the unauthorised party and if there is any further risk to the organisation."

The council was re-running an education programme for staff on how to detect phishing e-mails and taking other security measures to prevent any repeats, including improved monitoring and reporting software, he said.

Regional council acting chief executive Robert Mallinson emphasised that no ratepayer's or contractor's details had been accessed in the scam.

"They didn't crack onto our rates system, or accounts system or debtors' system, and I can say unequivocally that no one's financial or personal details have been put at risk," Mr Mallinson said.

Lois Williams - Local democracy reporter







Local trusted journalism matters - now more than ever

As the Covid-19 pandemic brings the world into uncharted waters, Star Media journalists and photographers continue to report local stories that matter everyday - yours.

For more than 152 years our journalists have provided Cantabrians with local news that can be trusted. It’s more important now than ever to keep Cantabrians connected.

As our advertising has fallen during the pandemic, support from you our reader is crucial.

You can help us continue to provide local news you can trust simply by becoming a supporter.

Become a Supporter