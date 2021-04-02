Palisade is warning anyone who received an email from one of its town email addresses asking people to review documents to delete it without opening.
“What happened is one of our employee email accounts was compromised,” Town Finance Director Travis Boyd said. “So the credentials for that email account were out there somehow and an email was sent from her account that was a spoofing email to try and get login credentials from the people that received the email.”
Boyd said anyone who clicked the link in the email should delete the message and then change their password. He said the link took users to a convincing looking page asking them to enter Windows login credentials.
“If anybody receives that kind of email and they clicked on the link, we put it out there to please change your passwords,” Boyd said. “That’s the best thing they can do.”
The fraudulent message was identified quickly, Boyd said, as members of town staff received it, as well as members of the public. He said they took steps immediately to remedy to situation, including notifying people not to open the message.
“Our IT team came in and shut her account down immediately,” Boyd said. “We knew that there were not only our internal addresses on her address book, but also addresses from the public.”
Mayor Greg Mikolai said he had received a message warning him about the email and he said this is a common problem for many businesses and institutions, as well as municipalities.
“It seems like that is becoming more and more prevalent just about anywhere you are at,” Mikolai said. “I teach at CMU and we get it here and I’m sure the city of Grand Junction gets it.”
With these types of instances happening more often, Mikolai said people should be cautious when reviewing emails. He said to always check who sent the email and to check the web address of any links in an email before clicking. If anything seems suspicious he said you should delete the message.
“If you see something, the first thing you should look at is what’s the email address? If it doesn’t look like anything you recognize well don’t open the darn thing. Trash it,” Mikolai said.
This appears to be the only town email account compromised, Boyd said. However, they did change all the account passwords and added some new authentication procedures to try and prevent the situation from reoccurring. He said there was no breach of any town data.
“Our data was not compromised,” Boyd said. “There was no unauthorized access to our internal servers. No viruses were loaded on any machines.”