Hackers are stepping up computer attacks on cities and counties

Sharp-eyed employees are key to stopping the breaches

  • $500,000 in payroll stolen from the city of Tallahassee, Florida

  • Real estate transactions, phones, city email, payment processing halted in Baltimore

  • Online residential bill payments unavailable in Akron

  • Access to municipal computers shut down in San Antonio

  • Pennsylvania state law enforcement databases unavailable to Allentown police

  • Computer operations halted in the city of Atlanta; potential cost: $17 million

  • The treasurer of Ottawa, Canada transfers $100,000 to a fraudster who masqueraded as the city manager in an email


All those breaches have occurred this year. Hackers are targeting cities and counties with powerful ransomware that locks and encrypts computer files. Municipalities make attractive targets because of the large number of employees with access to computers that are linked to vital city systems.


The preferred method of attack: sending employees urgent, important-looking fake emails that appear to originate from within the city or county but are actually sent by fraudsters. These “phishing” emails are common because they’re so effective. 

Simply opening an attachment in some emails triggers a ransomware virus that quickly spreads across the computer network and holds a municipality’s police, real estate, bill payment, and other systems hostage until a ransom is paid.

But the FBI generally advises cities and counties against paying the ransom because is no guarantee the files will be unlocked.


Here are examples of subject lines in phishing emails targeted at city and county employees:

  • Update to employee benefit plans

  • Revised vacation schedule

  • Payroll information attached

  • HR department announces new employee policies

  • Updated information about staffing

  • Urgent: update your beneficiary information

  • Important tax notice


Employees are the best-defense against ransomware. Use your instinct. Don’t open an email — particularly an urgent one — unless you’re expecting it.


If you have any questions or suspicions before opening an email, contact your Help Desk.

WHEN IN DOUBT, TOSS IT OUT: A fake email making the rounds warns readers they’re facing a lawsuit by “the city”. The email refers to a real law firm and instructs the reader to open the attached Word doc within seven days to learn details about the legal dispute. Krebs on Security says simply opening the document will infect the user’s computer with a sophisticated virus.

If you have any questions or suspicions before opening an email, contact your Help Desk.

WHAT’S A GMAIL PASSWORD WORTH TO A SCAMMER? According to Google and the University of California, on average, $384. Protect your valuable email account with a long password that can’t be guessed and use that password exclusively for your email account.  

Trust your instinct.
If an email doesn't look quite right
or a website asks for personal information,
stop and think before you click!
Have you received a suspicious email?
Contact your department's help desk.

You're the most important link to

protecting the City and your family from cyber fraud.

In the upcoming edition of Cybersecurity News
from the City cybersecurity team:
The two types of employees who are most apt to get hacked. 

June 2019 a • Edition #71

Cyber Cartoon: All rights reserved Slane Cartoons Limited

Original content © 2019 Aware Force LLC

Aware Force is a registered trademark