Showing posts with label cyber security. Show all posts

Monday, December 7, 2020

FM #407 Town Council Mtg - Spear Phishing Incident - 12/02/20 (audio)

FM #407 = This is the Franklin Matters radio show, number 407 in the series.

This session shares the Franklin, MA Town Council meeting held on Wednesday, Dec 2, 2020.

The meeting was conducted in a hybrid format: members of the Town Council, selected guests, and Town Administration personnel were in the Council Chambers, the public was remote via Zoom conference bridge, all to adhere to the ‘social distancing’ requirements of this pandemic period.

I’ve split the full four hour plus meeting into three logical segments:

  • First - covers the opening through the first public hearing on the tax rate and subsequent votes to approve 14.65% as the rate for FY 2021 (1 hour and 5 minutes)
  • Second - covers two of the public hearings; the Comcast contract renewal for 10 years, and the bylaw fee adjustment to reduce the fees for next year only to help the local restaurants during this COVID-19 pandemic period (36 mins)
  • Third - covers the presentation on the spear phishing incident through to the meeting close. There was a 4 minute recess during this segment, I did remove most of the silence to reduce the time for this segment (where I could) (2 hours and 17 minutes)

The show notes contain links to the meeting agenda including documents released for this agenda.

Let’s listen to this segment of the Town Council meeting of Dec 2, 2020. Audio file => 
https://player.captivate.fm/episode/f5e26bfe-2d9c-4dd7-a68a-a652123f561d



--------------

Agenda document (and released supporting materials in one PDF)
https://www.franklinma.gov/sites/g/files/vyhlif591/f/agendas/12-02-2020_town_council_agenda.pdf
 
Agenda details with individual documents  
https://www.franklinma.gov/town-council/agenda/december-2-town-council-meeting-tax-rate-hearing

Spear phishing update folder
https://franklinma.gov/administrator/pages/spear-phishing

My notes from the meeting
https://www.franklinmatters.org/2020/12/town-council-meeting-comcast-contract.html  

--------------

We are now producing this in collaboration with Franklin.TV and Franklin Public Radio (wfpr.fm) or 102.9 on the Franklin area radio dial. 

This podcast is my public service effort for Franklin but we can't do it alone. We can always use your help.

How can you help?
  • If you can use the information that you find here, please tell your friends and neighbors
  • If you don't like something here, please let me know
Through this feedback loop we can continue to make improvements. I thank you for listening.

For additional information, please visit Franklinmatters.org/

If you have questions or comments you can reach me directly at shersteve @ gmail dot com

The music for the intro and exit was provided by Michael Clark and the group "East of Shirley". The piece is titled "Ernesto, manana"  c. Michael Clark & Tintype Tunes, 2008 and used with their permission.

I hope you enjoy!

------------------
You can also subscribe and listen to Franklin Matters audio on iTunes or your favorite podcast app; search in "podcasts" for "Franklin Matters"

 

Police Chief TJ Lynch updates on the ongoing police investigation

Saturday, December 5, 2020

Town Council Meeting: Comcast contract, Spear phishing update, tax rate set

Quick Recap:
  • Acting Town Clerk Nancy Danello reminds folks of the election Dec 5 
  • Discussion on election 'rules' raised during citizen comments - debunked in Council discussion later, there are MA MGL and US voting rights statutes but not the '30 page of rules doc mentioned'
  • Tax rate hearing was held. Rate set at 14.65, a .14 cent increase over last year. The rate is a calculation that allows only a decision on a single rate or dual. Franklin is not in a position to use a dual rate so the Council voted for a single rate. The rest is a math exercise. I'll simplify the analysis later.
  • Comcast cable contract came up for renewal, new one has a ten year term (good for us) as it enables Franklin to choose between Verizon or Comcast (or 'cut the cord'). Almost 5,000 users for Comcast in Franklin. One of the cable fees on both the Verizon and Comcast bill is what funds the Franklin TV cable operations (and coincidentally an item on the agenda Weds was the quarterly transfer of funds from Verizon through Town of Franklin to Franklin TV - purely a pass through for accounting purposes)
  • The bylaw to provide a reduction in license renewals for restaurants was approved at this second reading. It costs the Town approx. $13K in 'lost revenue' but will help each of the businesses in this pandemic period.
  • Insights on the cyber theft incident were provided (finally) as the investigation (still ongoing) had developed enough info to be able to share. It was a targeted attack on the Treasurer/Collector over two months of email that led to a change in the processing of a payment that resulted in the diversion of funds. It was discovered in Sept when the real legitimate vendor came looking for their promised payment that had not been received.
    • The individual was suspended, salary reduced and will maintain position as this (while a significant mistake) was the only blemish on her work
    • At one point in the meeting she stood up to apologize publicly (well done) 
    • The investigation continues. The Town has obtained $200K from insurance to cover the loss. 
    • The balance will come from the emergency fund within the water enterprise account (already set aside for emergencies - usually for broken water mains)
    • There is a possibility of recovery of the funds. 
    • There is no need to raise rates to cover for the loss
    • Procedures were in place for creation of a wire transfer. Procedures will be modified to cover a change in a payment process.
    • Additional training on cyber awareness will be conducted. All Town side personnel and School department central office personnel are currently part of this regular training (oddly, teachers (the largest segment of Town employees) are not yet covered)
  • After the presentation, a combined effort from Technology Director Tim Raposa, Police Chief TJ Lynch, and Town Administrator Jamie Hellen, the Council took a 3 minute recess before getting into their Q&A and statements
  • The presentation doc was posted to the Town page after the meeting. Future updates can be found on the same page  https://www.franklinma.gov/administrator/pages/spear-phishing

Photos captured and shared via Twitter during the meeting can be found in one album  https://photos.app.goo.gl/gpptq8gBudNDT8dx6


----
As with most meetings in this pandemic period, I took my notes via Twitter during the meeting reporting in real-time via the virtual session.
 
The Twitter hashtag can be found online  #TC1202
https://twitter.com/search?q=%23tc1202&src=typed_query 
  • Real time reporting underway for the Town Council meeting #tc1202
  • New tagline for those connecting via cable and wanting the Zoom info #tc1202 visible on screen
  • Town clerk provides updates on election Dec 5 #tc1202 wheel chair available if necessary. All voting in FHS gym or via mail to the dropbox at municipal building before Saturday
  • TC candidate Alan Earls in citizen comment about election law and practices. Is there really a set of rules around the election? Other than the state MGL #tc1202
  • Moving to tax classification hearing #tc1202 house values increased 2.8% tax rate increase proposed for .14 cents. Doc with details https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10a._20-68_0.pdf… TA Jamie Hellen introduces Assessor Kevin Doyle and Board of assessor present
  • Annual tax rate setting formally closes out the budget year FY 2021. #tc1202 really only (1) an approval of what the tax calculation comes out as and (2) a decision on single rate. Runs 80/20 residential vs commercial/industrial properties. To move $1 from residents …
  • As the pie grows (property values increase) the rate increase is less when the pie shrinks (property values decrease) the tax rate increases #tc1202 this slide shows the option if a dual rate was chosen
  • The actual math to support the $1 vs $4 example mentioned earlier
  • Council discussion adding clarification around the tax rate. This is an automatic calculation. Based upon the state law and prop 2 1/2 regulations there isn't much choice (aside from the dual tax rate). #tc1202 it is not an arbitrary number
  • Motion to close tax classification hearing. Approved 8-0 moving to Legislation on tax rates to close out this portion of the topic. #tc1202 https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10a._20-68.pdf…. Motion to approve res 20-68, passes 8-0 https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10b._20-69_resolution_-_tax_classification_open_space_exemption.pdf… same vote to pass res 20-69
  • https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10c._20-70_resolution_-_tax_classification_small_business_exemption.pdf… motion passes by 8-0 vote; https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10d._20-71_resolution_-_tax_classification_residential_property_exemption.pdf
  • Motion passes by 8-0 vote #tc1202
  • Next up public hearing on Comcast cable license, renewal for 10 year period, https://franklinma.gov/town-council/agenda-items/10e-legislation-action-28… 4219 customers, 5% allowed for cable access, quarterly payments to help support Franklin TV operations; senior discount available, #tc1202
  • TA Jamie Hellen provides overview #tc1202 do we need to commit for 10 year contract? Yes, there are other developments, there are almost 5000 customers here to serve. It is a reflection of the marketplace. It is in our interest to get longest contract.
  • Cable attorney provides insights and argument for the long term contract, it is a win-win for Franklin, this meeting and broadcast of it is funded by the contract. If folks aren't happy they can shift to Verizon or cut the service. Enforcing the license is the easy part #tc1202
  • The hard part is getting terms that work with both sides. Comcast has committed to a side letter on providing an electric program guide for Community TV. #tc1202 we provide the options Verizon and Comcast are here, competition, and if you cut cable go internet
  • Motion to close hearing on cable, 7-1 vote to close hearing (Bissanti?) (Hard to tell who voted no) #tc1202 https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/summary_of_franklin_comcast_cable_license_renewal_draft_from_atty_wm_solomon_11.30.20_pdf_2.pdf… res 20-72 vote passes 7-1
  • Moving to adjustment to service fees for restaurants, and alcohol license for season 2021 only https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10f._20-863_fees.pdf… to help the business survive the pandemic. Costs the town approx $13k, second reading. Listing of business impacted in doc link above
  • Opened public hearing on bylaw, no comments other than Councilor Hamblen endorsing the move. Hearing closed, motion to approve #tc1202 via roll call 8-0
  • Picking back to the agenda, cyber incident now up. #tc1202 there is still an active situation with investigation underway. Resist speculation. Don't make up your own stories of what happen. Personnel matters can not be disclosed
  • Tim Raposa, technology director, starting with definitions. As much of what has been mentioned in social media is inaccurate. #tc1202
  • #tc1202 slides on definitions
  • #tc1202 segmented network with virtual lab areas, a key for security access. You can't get where you shouldn't. Anti-malware is not 100% perfect
  • Cyber security training for all users regularly #tc1202 key definition page as we get to phishing and spear phishing
  • #tc1202 funds were for the water treatment plant construction underway off Grove St. Town has taken several steps
  • Implementation of recovery and prevention started simultaneously in September #tc1202
  • #tc1202 we need to tell the agencies about what happened so that they can possibly solve this down the road. Insufficient evidence to pursue a case
  • Bonds are not insurance #tc1202
  • #tc1202 option to pursue the bond is too expensive. Need 'willful conduct' to pursue.
  • Chief Lynch comes to update and give Jamie a water break #tc1202 FPD needs helps as their jurisdiction is Franklin bound. Subpoena and search warrants take time to execute  and hindered by court reduction due to COVID-19
  • #tc1202 procedure changes and training (certificate based)
  • #tc1202 impressive statement by treasurer collector apologizing for the incident.
  • 3 minute recess before getting to council questions and continue the meeting #tc1202
  • #tc1202 meeting resumes
  • #tc1202 are there chances to get the money back? The investigation is ongoing, I don't want to give a false sense of confidence. Likely not to get it back. We should resist temptation until the case is fully resolved.
  • #tc1202 we need to make these trainings stick like the way sexual harassment training sticks.
  • #tc1202 new webpage off the Town Administrator page for presentation doc and docs related to this going forward.  https://franklinma.gov/administrator/pages/spear-phishing
  • #tc1202 how will training change to accommodate the changes in outside and technology to avoid further phishing events? The training is such that it is part of normal business email.
  • #tc1202 there was a lot of info and I'll go back and re-read, was there a comment on the water rate payers vs well water users? Yes, private well not part of enterprise funds. It could be approx. $30. There is no need to raise rates to cover.
  • #tc1202 Mercer "I apologize that it took so long to get to the point where we could share what we have tonight"
  • Good to see the lights out around town, would be good to get a list of the houses that are festively decorated. Motion to adjourn, passes 8-0. That is all for tonight catch you next time #tc1202 
 audio of the meeting is being prepared to share so you can listen.

Town Administrator Jamie Hellen


Friday, December 4, 2020

National Tax Security Awareness Week, Day 4: Security Summit urges businesses to tighten security, offers new protections against identity theft

The Internal Revenue Service, state tax agencies and the tax industry urged businesses to be on guard as thieves try to use their stolen names and data to file fraudulent tax returns.

The partners, operating cooperatively as the Security Summit (https://www.irs.gov/newsroom/security-summit) to fight identity theft, marked the fourth day of National Tax Security Awareness Week with a warning to businesses to enact the strongest measures possible to protect their data and systems. The IRS also is planning additional steps to help businesses combat cybercriminals trying to steal their data.

“As the IRS and our partners have strengthened our security standards, identity thieves have looked for new ways to find sources of information, and businesses need to stay alert,” said IRS Commissioner Charles Rettig. “Businesses, just like individuals, can be victims of identity theft. Thieves may steal enough information to file a business tax return for refund or use other scams using the company’s identity.”

More than 70% of cyberattacks are aimed at businesses with 100 or fewer employees. Thieves may be targeting credit card information, the business identity information or employee identity information.

Businesses are encouraged to follow best practices from the Federal Trade Commission, which include:
 -   Set your security software to update automatically
 -   Back up important files
 -   Require strong passwords for all devices
 -   Encrypt devices
 -   Use multi-factor authentication

More information is available at FTC’s Cybersecurity for Small Businesses (https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity).

Businesses should especially be alert to any COVID-19 or tax-related phishing email scams that attempt to trick employees into opening embedded links or attachments. IRS related scams may be sent to phishing@irs.gov.

Starting Dec. 13, 2020, the IRS will begin masking sensitive information from business tax transcripts, the summary of corporate tax returns, to help prevent thieves from obtaining identifiable information that would allow them to file fake business tax returns.

Only financial entries will be fully visible. All other information will have varying masking rules. For example, only the first four letters of each first and last name – of individuals and businesses – will display. Only the last four digits of the Employer Identification Number will be visible.

The IRS also has publicly launched the Form 14039-B, Business Identity Theft Affidavit (https://www.irs.gov/pub/irs-pdf/f14039b.pdf), that will allow companies to proactively report possible identity theft to the IRS when, for example, the e-filed tax return is rejected.

A business should file Form 14039-B if it receives a:
 -   Rejection notice for an electronically filed return because a return already is on file for that same period.
 -   Notice about a tax return that the entity didn't file.
 -   Notice about Forms W-2 filed with the Social Security Administration that the entity didn't file.
 -   Notice of a balance due that is not owed.

This form will enable the IRS to respond to the business much faster than in the past and work to resolve issues created by a fraudulent tax return. Businesses should not use the form if they experience a data breach but see no tax-related impact. For more information, see Identity Theft Central’s Business section (https://www.irs.gov/identity-theft-central).

Although the tax scams can come and go, all employers should remain alert to Form W-2 theft schemes. In the most common version, a thief poses as a high-ranking company executive who emails payroll employees and asks for a list of employees and their W-2s. Businesses often don’t know they’ve been scammed until a fraudulent return shows up in employees’ names.

There is a special reporting procedure for employers who experience the W-2 scam. It also may be found at Identity Theft Central’s Business section (https://www.irs.gov/identity-theft-central).

Finally, Security Summit partners urge businesses to keep their EIN application information current. Changes of address or responsible party may be reported using Form 8822-B (https://www.irs.gov/forms-pubs/about-form-8822-b).
 
Reminder: Changes in the responsible party must be reported to the IRS within 60 days. Current information can help the IRS find a point of contact to resolve identity theft and other issues.

The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the third in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details. 
 
 IRS YouTube Video:  https://youtu.be/ELzTL6hQKQc   New Security Measures Help Protect Against Tax-Related Identity Theft 

Thursday, December 3, 2020

Friday, November 27, 2020

Phishing, spear phishing info

Via Cyber Security Intelligence:

"Spear phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for criminal reasons. A highly targeted form of phishing, spear phishing involves bespoke emails being sent to well-researched victims.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cyber criminals may also intend to install malware on a targeted user's computer.

Barracuda Network researchers worked with leading researchers at UC Berkeley and UC San Diego, to study the growing threat to business of email account crime using Spear Phishing methods.

It is all hard to spot without close inspection and difficult to stop with technical controls alone. In 2016 the Fancy Bear attack group used spear phishing tactics to target email accounts linked to Hillary Clinton’s 2016 presidential campaign. They attacked more than 1,800 Google accounts and implemented the accounts-google.com domain to threaten targeted users."

Continue reading the article online  https://www.cybersecurityintelligence.com/blog/spear-phishing-threats-and-trends-4902.html

 

How Big Is Phishing in 2020?

"It is big. Sadly, it is growing even bigger if historical data is any indicator for the imminent future.

Not all spam consists of phishing emails, but it’s safe to assume a spam message might be a phishing attempt. And there are tons of it, cluttering inboxes far and wide, as these phishing stats clearly show.

 -   Spam is 45% of all emails sent. (Source: Propeller)
 -   About 14.5 billion spam emails are sent every day. (Source: Propeller)"

Continue reading more about the phishing trends  https://hostingtribunal.com/blog/phishing-statistics/

Additional info can be found on the FBI page  https://www.fbi.gov/investigate/cyber


Sunday, November 22, 2020

In the News: "misdirected to a third party"

From the Milford Daily News, articles of interest for Franklin:

"More than a month after a “spear phishing” attack swiped $522,000 from a town account, questions about what happened and what was done about it will be examined at the next Town Council meeting, according to council Chairman Tom Mercer.

During Wednesday's meeting, town councilors discussed the cyber security problem, which was reported in early October by town officials during a closed-door executive session.

More details about what happened will be revealed during the council’s next meeting on Dec. 2, said Mercer. Due to the nature of the topic, he said it could only be discussed in executive session, and that just one more meeting was needed before completing that confidential discussion.

Franklin police spokesperson Sgt. Brian Johnson said police had no update on the case as of Thursday, other than that it remains under investigation. "

Continue reading the article online (subscription may be required)
 
As a retired professional with experience in information security with financial industry firms, I find it disturbing that some among the Council are first to assume individual corruption. The circumstances of a spear phishing attack could happen to almost anyone. Check out the FBI information to be aware of such attacks and how to protect yourself.  https://www.fbi.gov/investigate/cyber
 
Other sources of information security on cyber attacks
 


Friday, November 13, 2020

DLS Alert: Commonwealth Employees Targeted by Phishing Campaign




The following is a notification from the Massachusetts Executive Office of Technology Services and Security (EOTSS).

Commonwealth Employees Targeted by Phishing Campaign
Curtis M. Wood - EOTSS Secretary and Chief Information Officer

As many of us in state and municipal government are increasingly conducting our work remotely, the cybersecurity risks of data breaches, disclosures of sensitive data, and targeted cybersecurity threats have increased. As you will see below, we are seeing a rise in malicious cyber attacks, specifically aggressive phishing campaigns over e-mail and texts. The Commonwealth continues to be in contact with our federal partners at the Department of Homeland Security to stay vigilant of emerging cyberthreats and remains on high alert to protect Commonwealth systems and ensure continuity of government operations.

The Commonwealth has recently been the target of an aggressive phishing and smishing campaign. The malicious actors are using free e-mail services, such as g-mail, to create fake e-mail accounts designed to impersonate Commonwealth Leadership and are using social engineering tactics to elicit a sense of urgency. In addition to e-mail, the scammers have started using text messages as another way to phish our community. This technique, often referred to as smishing or SMS phishing, is a text-message based variation of traditional phishing scams, and a growing cyber threat. This particular campaign does not contain any links or malicious documents, but rather requests that the user purchase a gift card on behalf of the executive.

If you receive an e-mail or a text message requesting you to purchase a gift card, to pay by gift card, or to wire money – for any reason – that's a sure sign of scam. Any correspondence, whether e-mail or SMS-based, imploring (or even threatening) the need for an immediate response, should be treated with healthy skepticism.


Remember to pay attention to key warning signs:
  1. False sense of urgency
  2. External e-mail address as either the sender or the reply-to address
  3. Misspellings and Typos
  4. Consider the purpose; is this someone you'd typically correspond with?
  5. Be wary of suspicious attachments and links

read the red outlines for details on what to look for

Thursday, October 29, 2020

How You Can Protect Yourself from Hackers and Scammers

Consumer Alerts from the Federal Trade Commission

Protect Yourself from Hackers and Scammers

Hackers try to exploit vulnerabilities in your computer or phone. To steal your personal information, they trick you into downloading malicious software to your device so they can take control. And scammers try to get you to let your guard down by making up a story to get your money or information. But there's plenty you can do to protect your personal information and your wallet.

Protect the Devices You Connect to the Internet

Know How to Avoid a Scam

If someone says you must pay by wiring money through Western Union or MoneyGram, by putting money on a gift card and then giving them the number on the back, or with cryptocurrency, it's a scam.

Learn how to recognize and avoid common scams you might see in your inbox, on your phone, or online.

Report Scammers

If you spot a scam — or something you think is a scam — reporting it can help the FTC protect you and your community. Report it at ReportFraud.ftc.gov.


Saturday, October 10, 2020

“In general, cyberattacks have increased since the COVID-19 crisis came into effect”

From the Milford Daily News, an article of interest for Franklin:

"Town officials announced Thursday night that the town was victimized by a “spear phishing” attack that resulted in $522,000 being “misdirected to a third party.”

The attack did not affect the town’s general fund, but rather a non-general fund account, said Town Administrator Jamie Hellen.

“I have been reassured that Franklin’s electronic data is secure,” Hellen said in a press release. “There is currently no evidence of a breach of our systems. All personal information, accounts and town software systems have been found not to be compromised. The incident was not a ransomware attack.”

Spear phishing involves sending emails, posing as trusted sender, with the goal to infect a specific target’s devices with malware or to steal information and/or money. Comparatively, phishing is less targeted toward specific victims and is more random, casting a wider net than spear phishing attacks."

In case you missed the original announcement of the phishing attack:  https://www.franklinmatters.org/2020/10/town-of-franklin-spear-phishing-attack.html

On Friday, Oct 9, Jamie and I recorded our "Talk Franklin" episode and discussed this incident in more detail. You'll be able to hear that shortly.  https://anchor.fm/letstalkfranklin/

 


 

 

Thursday, October 8, 2020

Town of Franklin: Spear Phishing Attack Announcement

October 8, 2020

To:    Town of Franklin Residents
From: Jamie Hellen, Town Administrator

The Town of Franklin is cautioning all residents and employees to be mindful of the sharp increase in malicious cyber fraud and email phishing attempts. The Town of Franklin is announcing today that it has itself been the victim of a recent “spear-phishing” attack. A payment of $522,000 was misdirected to a third party.

The matter has been turned over to the Franklin Police Department who are working with state and federal authorities, for a complete criminal investigation. In addition, the Town has retained as special counsel in connection with this matter an attorney to coordinate and work with the authorities on this matter. Attorneys for the Town have requested there be no further comment on the investigation until the appropriate time when all of the facts have been gathered and the Franklin Police Department has completed its investigation.

I have been reassured that Franklin’s electronic data is secure. There is currently no evidence of a breach of our systems. All personal information, accounts and town software systems have been found not to be compromised. The incident was not a ransomware attack.

I also wish to note that this incident has not affected the Town’s general fund. It occurred in connection with a non-general fund account. The Town is implementing new procedures and protocols to limit future incidents of this type and urges all to guard against increased fraud.

For further resources and information on cyber-crime, threats and spear-phishing, please visit the Federal Bureau of Investigation’s (FBI) cyber-crime website here:
https://www.fbi.gov/investigate/cyber

--------------

Shared via ToF Twitter account   https://twitter.com/TOFranklinMA/status/1314341421135147013   which contained the following PDF  https://www.franklinma.gov/sites/g/files/vyhlif591/f/uploads/2020-10-08_spear_phishing_attack_announcement_.pdf

 


 

The Associated Press (@AP): awareness of potential foreign threats to election

"U.S. officials have issued multiple advisories in recent weeks about potential foreign threats in #Election2020, and what Americans can do to be prepared. 
A look at some of the warnings: https://t.co/MqTBNLsIQP"

 

"The FBI and the Department of Homeland Security’s cybersecurity agency have issued a series of advisories in recent weeks aimed at warning voters about problems that could surface in the election — as well as steps Americans can take to counter the foreign interference threat.

The issues identified in the public service announcements run the gamut from the spread of online disinformation about the electoral process to cyberattacks targeting election infrastructure. Taken together, the advisories make clear that American agencies are tracking a broad range of potential threats that they believe voters should know about — not just for transparency’s sake but also so voters can be prepared."
Continue reading the article online  https://twitter.com/AP/status/1313788704650125312?s=03
 



Saturday, August 1, 2020

Senate Passes General Government, IT Bond Bill Conference Committee Report

The Massachusetts State Senate passed a General Government, IT Bond Bill Conference Committee Report today, which authorizes $1.8 billion in investments to modernize the Commonwealth's general government infrastructure, improve cybersecurity capabilities, empower communities disproportionately impacted by the criminal justice system, support early education and care providers, and expand access to remote learning opportunities for vulnerable populations during the COVID-19 pandemic.

Senate-led priorities in the report include the following:

  • $65M in economic empowerment and justice reinvestment capital grants to support communities disproportionately impacted by the criminal justice system with access to economic and workforce development opportunities;
  • $50M to enhance and expand access to K through 12 remote learning technology for vulnerable populations during the COVID-19 pandemic;
  • $37M for a food security grant program to address infrastructure needs for farms, retailers, fisheries, food system food distribution channels to address growing food insecurity and food supply chain needs across the Commonwealth due to the COVID-19 pandemic;
  • $25M to assist licensed early education and care providers and after school programs with capital improvements to ensure safe reopening during the COVID-19 public health emergency;
  • $20M for a body camera grant program for police departments to ensure accountability in public safety;
  • $10M for a statewide criminal justice data system modernization to help better track racial and ethnic disparities across the judicial and public safety systems;
  • $5M for the creation of a common application option for Mass Health and Medicare Savings Program applicants to apply for SNAP at the same time, use the same core eligibility information and verifications;
  • $2.9M for public health data warehouse for the analysis of population health trends including health trends and health inequities related to the COVID-19 pandemic;
  • $2.5M for implementation of an automated electronic sealing process to seal certain criminal records.
The final bill now goes to the Governor for his signature.


In the News: An example of why you never share your password

From the Milford Daily News, articles of interest for Franklin:
A British man, a Florida man and a Florida teen were identified by authorities Friday as the hackers who earlier this month took over Twitter accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $100,000 in Bitcoin.

Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a news release. Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, were charged in California federal court.

In one of the most high-profile security breaches in recent years, hackers sent out bogus tweets on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

....

Twitter previously said hackers used the phone to fool the social media company’s employees into giving them access. It said hackers targeted “a small number of employees through a phone spear-phishing attack.”

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
Continue reading the article online (subscription may be required)
https://www.milforddailynews.com/zz/news/20200731/3-charged-in-massive-twitter-hack-bitcoin-scam/1?rssfeed=true 

Follow Franklin Matters on Twitter - https://twitter.com/FranklinMatters

Wednesday, July 29, 2020

Invitation to Cyber Security Webinar - August 12

Good Afternoon All,

I hope everyone is trying to stay cool in this heat.

Michele Carlow from CTS Services and I wanted to invite you all to join us on August 12th at 10:00 AM for:

"What You Need to Know NOW About The Dangers of Evolving Cyber Threats!"

Click on the link below to register.

Description: Protecting Your ASSets from Hackers On The Dark Web

Cyber breaches are on the rise and hackers are targeting businesses of all sizes – including yours! All SMBs are under attack by cyber criminals! Vigilance, training and smart use of technology are essential. Every employee plays a key role in helping to protect the company's assets. It's time for you to understand the DARK WEB and why it matters to your business. Join us for an eye opening 45 minute presentation about the dark web and the steps to protect yourself. Compliance requirements may be at risk if your employees' credentials are available for sale on the dark web. A FREE dark web scan of your business email address will be offered to all who register. (A replay will be available!)

During this webinar you will learn:

• What the Dark Web is and why it matters to your business
• How digital credentials are compromised
• What attackers can do with this information
• Real-world examples (Yes, it can happen to anyone)
• Steps you can take to protect your company
• Why IGNORING your dark web risks will only harm your business

Time: Wednesday, Aug 12, 2020 10:00 AM in Eastern Time (US and Canada)

Registration Link: https://zoom.us/webinar/register/WN_764q9v36RkKep0TkW7t3Mg


Thanks,

Jack


Jack Lank, IOM
President & CEO
The United Regional Chamber of Commerce
310 South Street
Plainville, MA 02762
Phone: 508-316-0861
www.unitedregionalchamber.org
"People Do Business With People They Know"


Sunday, February 16, 2020

US Census: Putting 2020 Census Rumors to Rest


"Every decade, technology plays a greater role in the way the census is conducted. But in 2020, the first time anyone who wants to respond to the census online has that option, the greatest change may come from the way all of us use technology.

For the first time during a decennial census, the majority of people in the United States are using digital and social media in their everyday lives.

“The rise of digital and social media use has exponentially increased the speed of how accurate and inaccurate information can spread,” said Stephen Buckner, assistant director for communications at the U.S. Census Bureau. “We know that many people may not know what the census is because it happens only every 10 years, making it a likely target for misinformation and disinformation campaigns, which is why we’ve been actively preparing to defend against them.”

The Census Bureau is ready for these challenges."
Continue reading the article online
https://www.census.gov/library/stories/2020/02/putting-2020-census-rumors-to-rest.html?

YouTube video link = https://youtu.be/EKUBQlcFjVw



Wednesday, January 22, 2020

"This video is a concern and similar to past viral videos that encourage unsafe behavior"

From the Milford Daily News, articles of interest for Franklin:
"The state fire marshal on Tuesday put all Massachusetts fire chiefs on alert that his office has already received reports of two instances in which teens trying to re-create a viral video have caused electrical system damage or fire.

Fire Marshal Peter Ostroskey said a video that’s gained attention on the TikTok app has encouraged teens to partially insert the plug part of a phone charger into a wall outlet and then slide a penny down the wall to make contact with the two exposed prongs.

“The result is sparks, electrical system damage, and in some cases fire,” the fire marshal said in a memo to fire officials around the state. “This video is a concern and similar to past viral videos that encourage unsafe behavior. You might reach out to local news outlets, school officials, and parent organizations. Alert them to this challenge, advise them to, not only look for signs of fire play like scorched outlets, but to have conversations about fire and electrical safety with tweens and teenagers.”"
Continue reading the article online (subscription may be required)
https://www.milforddailynews.com/news/20200121/viral-video-prompts-fire-marshal-to-put-chiefs-on-alert

Editor's note:
Readers may recall that the Franklin School District dealt with a video also shared via TikTok recently. This app should not be on personal phones, especially those of our youth.
The app has been banned by the US Army and US Navy, and other Defense Dept organizations are likely to follow suit. It is developed by a Chinese company and has been determined to have "potential security risks".
Why ban the app?
"As of mid-December, the Army began advising soldiers to stop using TikTok on all government-owned phones, Ochoa said. The U.S. Navy recently put out similar guidance, prohibiting the use of TikTok on government phones, according to reports by Gizmodo and other publications.

The policy reversal on TikTok comes after the release of a Dec. 16 Defense Department Cyber Awareness Message identifying "TikTok as having potential security risks associated with its use," according to the message.

The guidance directs all Defense Department employees to "be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information."
https://www.military.com/daily-news/2019/12/30/army-follows-pentagon-guidance-bans-chinese-owned-tiktok-app.html

Link to article on US Army ban of app
https://www.bbc.com/news/world-us-canada-50952473

NY Times article on this Defense Dept action to ban the app
https://www.nytimes.com/2020/01/04/us/tiktok-pentagon-military-ban.html