The Courier & Advertiser (Angus and Dundee)
Angus folk warned over scam threat after council email hacked
Fraudsters managed to gain access to Angus Council’s email system before contacting locals in a bid to steal bank details.
The phishing attempt has seen hundreds contacted from the official @angus.gov.uk email address.
Titled “BACS Payments”, it directs the recipients to a site set-up to obtain log-in details from users.
Angus Council has urged anyone who has received the email to delete it.
John Phillip, who was one of those to open it, said he was worried vulnerable or elderly people would be scammed.
He said: “Users outwith Angus Council and carers and disabled people send receipts and bank statements in as per their direct payment agreement. Some of them will not be knowledgeable enough about IT to be aware of the risk.
“Others will click the attachment believing it’s something affecting their direct payments or a demand for repayment and submit the email address and password for their accounts – thus giving the hackers access to accounts and personal information.”
Organisations are required by law to protect personal data and ensure adequate anti-virus systems are in place.
It comes just a year after Dundee and Angus College was shut down for days after a cyber attack on its systems.
Mr Phillip added: “I called the Accessline and they were unaware the email had been sent.
“Whoever it was clearly had access to an Angus Council email account.
“I would have hoped that someone working in the payments division would have been more security conscious given their role and the data they handle.”
An Angus Council spokesperson said: “A phishing attempt was made to steal credentials and to send out other emails to internal and external contacts from an Angus Council user account.
“Our IT department blocked the access to the phishing site that was trying to gather credentials and as an additional counter measure have disabled accounts and reset passwords on all internal users who opened the email.
“We are very confident no systems have been compromised or data lost and this phishing attempt has had no operational effect.
“We are no different to any other large organisation with a high number of users, in that we are a target for phishing scams.
“We have robust security policies, procedures and training in place to prevent these.”
“They were unaware the email had been sent