City of Pasadena Email Accounts Compromised, Cyber Criminal Sends Out Fraudulent Phishing Emails

Published : Monday, April 30, 2018 | 1:25 PM

A small number of of City of Pasadena email accounts were compromised on April 26, allowing the perpetrator to send out so-called phishing emails to contacts in the compromised accounts’ address book, a city official said Monday.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

The City’s Department of Information Technology was contacted shortly after staff became aware of the issue and those affected accounts were immediately disabled, according to Acting City Public Information Officer Lisa Derderian.

In an abundance of caution, all City staff that received the fraudulent emails were required to reset their passwords to protect City systems and services, Derderian said.

Members of the public received phishing emails bearing legitimate City of Pasadena sender email addresses, but it is not known how many such emails were sent out. Pasadena Now received multiple such emails at 4:33 a.m. Monday morning.

Phishing email attempts are common and everyone should be mindful about opening emails, attachments and links from anyone.

The City provided a list of cyber security best practices to help protect yourself from phishing attempts:

• Never give out your account, password or personal information to anyone by email, phone or through a website unless you have initiated the request yourself.

• Never open an attachment or click on a link in email from an unknown sender or from a contact who rarely sends attachments or links. If in doubt, call asking for a confirmation from the sender who emailed the attachment.

• Never click on a link that looks suspicious in email. Hover over the link and a dialog box will appear showing the address. If the address does not include the name of the company, or does not match the printed address in the email, it’s a malicious link.








blog comments powered by Disqus