Published on September 27th, 2019 📆 | 4120 Views ⚑0
Minneapolis mayor hacked in phishing scam that claimed official city email account
The mayor of Minneapolis wound up on the receiving end of a phishing scam that resulted in his official email account being compromised, his office said Thursday.
Local news outlets in Minneapolis, the state’s most populous city, reported receiving suspicious emails Thursday morning purportedly sent by Mayor Jacob Frey, a Democrat, instructing recipients to open an attached PDF file.
“Please download and view below a proposal from The City of Minneapolis for your review, we have a new financial offer that I considered you might be interested in based on the history of your company and decided to give you an exclusive insight first before making it public,” said the emails, according to the outlets.
Security experts who reviewed the messages concluded they were sent by someone who hijacked Mr. Frey’s city email account rather than simply masquerading as the mayor.
“In this case, it wasn’t a ‘spoofed’ email pretending to be the mayor. They hacked the mayor’s account,” cybersecurity expert Bryce Austin told KARE 11, a local NBC affiliate that received the email. “It’s a very basic hack, but the difference is it’s the mayor, a person with authority, and that is very concerning.”
The mayor’s office acknowledged that Mr. Frey’s account had been apparently hacked through a phishing scam and advised recipients to refrain from opening any similar emails and attachments to avoid suffering a similar fate.
The incident has since been “contained and resolved,” mayoral spokesperson Mychal Vlatkovich said later Thursday, the Star Tribune reported.
“We apologize to those who were targeted as a result of this scam,” said the spokesman.
Hackers often claim victims by tricking targets into opening files, such as PDF documents, that have been embedded with malicious code. Indeed, Malwarebytes, a California-based cybersecurity company, warned earlier this week that it was aware of a recent campaign in which booby-trapped Microsoft Word files purportedly containing the text of “Permanent Record,” the new book by former intelligence contractor Edward Snowden, were used as bait in a similar email campaign.