Last week, the Maplewood Township email system was compromised. As a result, “spoofed” emails that appear to be replies to existing message threads were sent to many users who had previously emailed with Township staff. Although the malicious files have been removed from the Township system, the spoofing has continued: the emails still appear to be from the Township but are now being sent from outside the system. Residents and vendors should view any emails that appear to be from the Township with caution.
More from Maplewood Township:
Last week malicious files were located on the Township’s email system. Spammers were able to use such files to exploit Township emails and address books, including all internal and external contacts, in order to send phishing links. The Township’s IT team has been working diligently to address the issue and is able to report that there are no longer any malicious files located on the Township system.
However, spammers are now using the same data to send out spoof emails. These emails appear to come from Township email accounts in response to existing message threads. While closer inspection reveals that these emails are being sent from accounts not associated with the Township, the fact that they are being sent in response to legitimate communications makes it challenging for users to identify the phishing attempts before clicking on any links or attachments.
Unfortunately, because both the senders and recipients of this new round of phishing emails are outside of the Township’s domain, our IT team is unable to address the issue any further. For this reason, anyone receiving an email that appears to be from Township employees is advised to do the following:
- Verify that the sender’s email address matches the sender’s name. If this is not the case, block the sender.
- Verify that the sender’s email address matches the Township’s domain (@twp.maplewood.nj.us).
- Avoid clicking on any links or attachments.
- If an email from a Township account seems suspicious, contact the sender to confirm its legitimacy.
- Report all suspicious emails as spam before deleting.
- If you click on a link or attachment that appears to contain malware, run your personal device’s anti-virus software as soon as possible.
Thank you all once again for your patience and understanding as we have worked to address this issue. Please note that, in order to avoid similar situations in future, the Township has taken the following actions:
- Removed all malicious links via cloud control/manually from devices.
- Updated the anti-virus on every Town Hall device
- Ran a system-wide scan for servers and local machines to find and delete viruses, malware, and spyware
- Installed TrafficLight (to check legitimacy of site) and UOrigin Block (to block pops and malicious links by trackers) on Township workstations
- Factory reset workstations with severe malware infections
- Ran an aggressive scrub on all servers and severely impacted workstations
- Scanned, disinfected, and quarantined 1000+ threats
- Updated the Exchange mail server with the latest Microsoft Security Patch
- Notified Barracuda (email spam filter) of the incident and requested a report on inbound/outbound communication, spam
- Closed all unidentified ports on the Township Firewall
- Disabled all old user accounts
- Created new Group Policies to block auto execute from known software
- Reset all local passwords and server access
- Reset all Township user passwords
- Set all incoming/outgoing email to scan via Bitdefender
- Connected advanced malware protection and IDS/IPS to alert system