HOLYOKE, Mass. (WWLP) – The Holyoke Treasurer’s Office was the victim of a cyber attack that cost the city $10,000.
Police in New York have said they think they’ve identified a suspect, and Holyoke is hopeful they can get that money back.
In June of 2017, an email that appeared to be from a city department head shows up in Holyoke Treasurer Sandra Smith’s mailbox.
The subject read: “Action Required.” the text included “I need you to process an urgent payment that needs to go out today.”
Smith wired the money. She said the request came at the end of the day.
“I am not an I.T. expert, I was doing, I thought, my job. I reported it to the mayor and said I am going to have to take care of this situation and I booked it as a fraud with the auditor,” explained Smith.
22News examined the emails, which were assigned a real name from a fraudulent Gmail account. A tactic called “spoofing.”
“Organizations publish directories so if I want to get the name of the Chief Financial Officer, I just go to their website and I can figure out who that is. I can quickly create a Gmail account, give it that person’s name and see what happened,” explained Snyder, the Cyber Security Management Program Director at Bay Path University.
Smith told 22News wiring money is a common part of the treasurer’s job. After the June incident, Smith said there was another attempted attack, which she caught.
“It will not happen again. We did have an incident and I flagged it right away and brought it to I.T.’s attention and they took care of it,” explained Smith.
Smith said the city’s I.T. department has new filtering measures to make sure these emails go into spam.
Cyber Security experts told 22News technology can only do so much. Your best defense is to pay attention.