Suspicious Emails – Investigation Update and Actions to take

Last week we made you aware of suspicious emails and spoofing instances related to some of Partick Housing Association (PHA) mailboxes between Monday 25 and Tuesday 26 October 2021.

Firstly we are sorry for any distress this has caused and want to assure you that we take our responsibility for data very seriously. 

PHA’s ICT infrastructure is managed through a contract with MRI Software LLC. In conjunction with MRI we have conducted a full investigation of the issues and, most importantly, we have considered the risks to the recipients of these emails.

Investigation findings

Our investigation found that a routine upgrade to our exchange server (where emails are sent from) had not been applied within the appropriate timescales.  This caused a weakness in our accounts and allowed hackers to copy some outgoing emails, cut and paste information and resend emails appearing to be from PHA mailboxes or staff. 

Some of the emails had broken links or illegible text, making it easily recognisable that they were not from PHA.  Others had links which opened a zip file or Excel sheet.

We have assurance that our systems (customer databases and internal systems) were not affected.  This instance only relates to outgoing emails.

Actions to take if you received an email from us.

Detailed below are various scenarios to consider if you received an email from us (during Monday 25 October and Tuesday 26 October) and the implications or actions you should take. Some of the recommendations have previously been advised to you in our communications.

Email received, where you DID NOT click on a link:-

  • Despite the lower risk and chance of no impact, it’s recommended that you, the end-user, run Anti-Virus software on the device that was used to access the link.
    • If you do not currently have any installed, “Malwarebytes”/“AVG” and “Kaspersky” all offer free versions.

Email received, where you DID click on a link or are unsure:-

  • It’s essential that you run Anti-Virus software on the device that was used to access the link.
    • If you do not currently have any installed, “Malwarebytes”/“AVG” and “Kaspersky” all offer free versions.
  • You should also change your password on your email account.
  • If you received the email at work and are part of an organisation that has an IT presence, please make your IT team aware of the situation so they can review further.

In any case we suggest considering the following advice:

  • If the email does not look genuine, or the usual formatting you have previously received is not present, it is always worth following up with the sender before viewing any attachments or content further.
  • If the email appears genuine, but it is from an unknown sender, it is advisable to follow this up with the sender in a separate communication or to query this with any available IT presence.

Our colleagues at MRI are happy to talk you through any of this if you need support.  Please contact 0845 643 0642 or email CMS.Support@castletonplc.com and let them know your name and that you are a customer from PHA.

Additional Actions

We have updated and checked all of our security measures as well as tested the spoof email links.

The exchange server that was identified as the source of the unauthorised access has been upgraded to the latest version which has fixed the vulnerability to prevent a recurrence.  Our hosted ICT infrastructure provider, MRI, have also now deployed an SPF record which prevents emails being sent that originated from any unauthorised devices.  Additional email filter settings have been updated to further increase security over outgoing emails and the application of updates to servers will be automatically scheduled.

We have reported the incident to our Data Protection advisers, the Information Commissioner’s Office (ICO) and the Scottish Housing Regulator by way of transparency and to reaffirm that we take these matters seriously.

We are very sorry this has happened and want to assure you that our investigation and checks are continuing to ensure this doesn’t happen again.

If you have any questions please contact Jacqueline McCutcheon on 07789 510 284 or get in touch at info@partickha.org.uk

Posted in PHA

Email Issue – Further Update

Following some concerns about emails received from us earlier this week we are conducting a full and thorough investigation.

The instances occurred sometime between Monday 25 October, 11am and Tuesday 26 October mid-afternoon.  We have had reports that some customers and stakeholders have received emails claiming to be from PHA. I have noted below an example of the type of emails people have received.

Greetings! You’ll find all essential information through a link in the e-mail:

1)rab.com.mx/quiperferendis/eosa-528389

2)nord-vpn.laoluayefele.com/illumtotam/molestiaenon-528389

Our IT provider, MRI, is conducting a thorough investigation into this issue and has applied additional security to our infrastructure.  At this stage we have had verbal assurance from our provider that no personal data has been compromised and we are awaiting their full extensive report, including feedback on additional checks and testing.

We have been in regular meetings with MRI throughout the week with the next update due on Monday 1 November 2021.

If you received an email from us which you were not expecting during the times noted above, we recommend that you change your passwords and forward on any suspicious emails to info@partickha.org.uk

We have raised the matter with our Data Protection Officer and the Information Commissioner’s Office.

We will provide an update in due course.

Website Update

We are currently in the process of reviewing and updating our existing website. This means some pages may take longer to load whilst we review the current information and layouts.

During this review we welcome suggestions for improvement. If you would like to make a suggestion, report any current issues or test our new site, you can do this by visiting here.

Thank you for your continued patience.

COP26

The United Nations Climate Change Conference, better known as COP26, will be in Glasgow from 31st October to 12th November 2021 at the Scottish Event Campus (SEC).

There will be disruption to travel networks in and around our area. Current planned road closures and alternative routes can be found here.  You can also see any closures to walking and cycling networks through this link.

Businesses and residents directly affected by planned disruption will receive specific, direct communications forewarning them of the likely impact during specified periods.

You can find the full details, including any changes to other services within the city, on the Get Ready Glasgow website here.

Office Arrangements from 6 September 2021

We thank you for your patience over the past 18 months and recognise how flexible and accommodating everyone has been.  We appreciate your ongoing understanding as we try to keep our staff and customers as safe as possible.

In line with Scottish Government guidance, we are now able to operate a phased return of staff to the office.  For the short term this will mean that there are fewer staff physically in the office than in pre-Covid-19 times.

From Monday 6 September, we will operate a phased re-opening of the office to our customers and visitors.  The office will be open on an appointment basis only. To keep everyone safe, anyone who wishes to book an appointment must first contact us by phone 0141 357 3773 or email info@partickha.org.uk to arrange a suitable time.  At this time our main reception will stay closed and we are unable to accommodate drop-in appointments until further notice.

To keep you and our staff safe, our aim is to continue to undertake the majority of interactions via phone or email communication. Tenants can also request a home visit from one of our staff.  Please contact us by phone 0141 357 3773 or email info@partickha.org.uk

If you have an allocated appointment, we ask that:

  • only one person visits us – if you require support from another individual (family member or friend) we can increase this to a maximum of two people
  • you arrive at your appointment time (there are no waiting areas inside the building)
  • you ring the bell at the main reception door to let us know you have arrived
  • you wear a face mask (unless exempt) and sanitise your hands when you come into the building

We will keep this arrangement under review and let you know when we are ready to move to the next phase of re-opening.

We are all looking forward to getting back out and visiting people in our communities, but ask that you continue to keep safe during visits.

You can help us by continuing to pay your rent via direct debit, bank transfer, at a PayPoint or Post Office or by using the Allpay App or Website.  We do not take cash at the office.  If you need more information, please get in touch.