DURHAM — Durham officials are warning the community to be on the lookout for suspicious emails that appear to be sent by town staff after the town’s email service was hacked.
Town Administrator Ruth Glaeser said the town first became aware of the situation Oct. 16, when she and others began receiving email replies to messages sent in 2019.
The emails appeared to be from staff, especially the codes enforcement officer and fire and rescue chief, but included unfamiliar and unrelated addresses (For example: the email may say it’s from codes@durhamme.com, but next to the sender is an address like app.bastia@abruzzodistribuzione.it). The emails may include zip attachments, links, or the words “Archive pass: ***”
Many people are receiving multiple emails, and Glaeser said she’s received as many as 60 in one day. The town is investigating the issue and will be using a different email system, which Glaeser said she hopes will resolve the issue.
Officials are cautioning residents not to open the emails and to delete them right away, as they may be seeking financial information or contain a virus.
The town would never request financial information through email, Glaeser said.
Durham uses T.H. Creations in Lisbon for web services, which contracts email services through Rackspace.
Since it was a third-party server that was hacked, not the town’s, there is no impact beyond the town’s email system.
Voting will not be affected, something Glaeser said was initially a concern.
“We contacted some people with the federal government who work with cybersecurity but (the election) doesn’t seem like it was the intent,” she said.
Despite this small comfort, there’s still no information about where the breach originated.
“This is probably a pretty far-reaching virus that gets into your emails,” Glaeser said, citing pings from servers in countries around the world. “It’s somebody who knows what they’re doing,” she said.
Overall, the ordeal is expected to cost the town “a substantial amount of money,” somewhere in the $10,000 range, Glaeser said. Officials are working with IT consultants and will have to migrate the email system over to Microsoft 365, a more expensive option both upfront and with continued costs, but also with more security.
The switch is expected to be completed within the next few weeks, but Glaeser said it remains to be seen if the emails will stop once that happens.
In the meantime, she apologized for the inconvenience and said to be on the lookout for “things that don’t make sense, wrong email addresses … delete anything that looks weird.”
Comments are not available on this story.
Send questions/comments to the editors.