Suspicious Emails – Investigation Update and Actions to take

Last week we made you aware of suspicious emails and spoofing instances related to some of Partick Housing Association (PHA) mailboxes between Monday 25 and Tuesday 26 October 2021.

Firstly, we are sorry for any distress this has caused and want to assure you that we take our responsibility for data very seriously.

PHA’s ICT infrastructure is managed through a contract with MRI Software LLC and, in conjunction with MRI, we have conducted a full investigation of the issues and, most importantly, we have considered the risks to the recipients of these emails.

Investigation findings

Our investigation found that a routine upgrade to our exchange server (where emails are sent from) had not been applied within the appropriate timescales.  This caused a weakness in our accounts and allowed hackers to copy some outgoing emails, cut and paste information and resend emails appearing to be from PHA mailboxes or staff. 

Some of the emails had broken links or illegible text, making it easily recognisable that they were not from PHA.  Others had links which opened a zip file or Excel sheet.

We have assurance that our systems (customer databases and internal systems) were not affected.  This instance only relates to outgoing emails.

Actions to take if you received an email from us.

Detailed below are various scenarios to consider if you received an email from us (during Monday 25 October and Tuesday 26 October) and the implications or actions you should take. Some of the recommendations have previously been advised to you in our communications.

Email received, where you DID NOT click on a link:-

  • Despite the lower risk and chance of no impact, it’s recommended that you, the end user, run Anti-Virus software on the device that was used to access the link.
    • If you do not currently have any installed, “Malwarebytes”, “AVG” and “Kaspersky” all offer free versions.

Email received, where you DID click on a link or are unsure:-

  • It’s essential that you run Anti-Virus software on the device that was used to access the link.
    • If you do not currently have any installed, “Malwarebytes”, “AVG” and “Kaspersky” all offer free versions.
  • You should also change your password on your email account.
  • If you received the email at work and are part of an organisation that has an IT presence, please make your IT team aware of the situation so they can review further.

In any case we suggest considering the following advice:

  • If the email does not look genuine, or the usual formatting you have previously received is not present, it is always worth following up with the sender before viewing any attachments or content further.
  • If the email appears genuine, but it is from an unknown sender, it is advisable to follow this up with the sender in a separate communication or to query this with any available IT presence.

Our colleagues at MRI are happy to talk you through any of this if you need support.  Please contact 0845 643 0642 or email and let them know your name and that you are a customer from PHA.

Additional Actions

We have updated and checked all of our security measures as well as tested the spoof email links.

The exchange server that was identified as the source of the unauthorised access has been upgraded to the latest version which has fixed the vulnerability to prevent a recurrence.  Our hosted ICT infrastructure provider, MRI, have also now deployed an SPF record which prevents emails being sent that originated from any unauthorised devices.  Additional email filter settings have been updated to further increase security over outgoing emails and the application of updates to servers will be automatically scheduled.

We have reported the incident to our Data Protection advisers, the Information Commissioner’s Office (ICO) and the Scottish Housing Regulator by way of transparency and to reaffirm that we take these matters seriously.

We are very sorry this has happened and want to assure you that our investigation and checks are continuing to ensure this doesn’t happen again.

If you have any questions please contact Jacqueline McCutcheon on 07789 510 284 or get in touch