Scammer posing as Mayor Hill steals from residents
April 11, 2019
“Are you available?”
The recipient responds. It escalates.
“The Mayor says, ‘I’m in a bind. I’m stuck in Juneau and I lost my wallet, can you do me the favor of going and getting gift cards and emailing me the information?’ You think, ‘Mayor Jan Hill needs me!’” borough manager Debra Schnabel relayed this week, detailing two scam attempts to extract $800 from a Haines resident and a borough employee member by posing as Hill via email.
The initial scam robbed a community member of $500 that was never recovered, Schnabel said. The person didn’t realize they had been scammed until much later.
The second attempt happened last week and targeted a borough employee. “The staff member bought the cards, went back to their computer and sent the numbers scratched off,” Schnabel said. “As soon as they did that, they realized they’d been scammed. They notified the front office and one of our employees called the originator of the cards and was able to recoup some of the money.”
Since the money had not yet been accessed, Schnabel said the card company was able to reimburse the purchaser $200 of the total $300 spent.
This week, the Haines Borough Facebook page warned community members of the scam.
“Check the e-mail address when receiving a message supposedly from someone you communicate with frequently via e-mail. This scammer obviously got the name wrong, too, but in a rush, a recipient might not notice,” the post reads.
The scammer emailed from firstname.lastname@example.org, different than the email@example.com borough format.
Hill warned the Haines Borough Assembly on Tuesday that these scam attempts are still happening. “I know many borough employees got an email supposedly from me asking for help,” she said. “I got one today from another Mayor in the Kenai saying ‘I need your assistance’ and I just picked up the phone and called him. Turns out it wasn’t him.”
Haines Borough internet technology consultant Austin Neal said he has seen dozens of targeted, individualized scams and malware attacks in Haines in the last few weeks. Neal said they are attempting to trace the source, but it is “extremely difficult or even impossible.”
“Initial indications are that these emails originate outside of the U.S.,” he said.
The borough’s cybersecurity costs are proposed to increase by almost $20,000, or 20 percent, in the manager’s draft 2020 budget released last week.
“The hacking and ransom of the Matanuska-Sustina Borough computer system and the Valdez system have necessitated a more intensive program of maintenance to ensure security and reduce financial risk,” Schnabel wrote in the budget.
In July, the two communities were victims of debilitating malware attacks that infected their systems and caused them to shut down and revert to typewriters for weeks.
The attacks cost the Matanuska-Sustina Borough $2 million in repairs and increased security, and Valdez paid the ransom of nearly $27,000 to regain control of their operating system.
Improved updates to Haines’ cybersecurity would pay for equipment to expand backup capabilities and develop a comprehensive disaster recovery plan, Neal said.
“The threat of cyber attacks is arguably one of the most overlooked but most serious threats that we face today.”
IT consultants have also warned assembly members that by listing their email addresses on the borough website, they are increasing their chances of being targeted by a scam.
“Staff acknowledges the value of constituent access to elected officials and is reluctant to unilaterally remove your contact information,” Schnabel wrote in her manager’s report to the assembly.
“We’re easy targets because we walk that line between wanting to be open and transparent but at the same time, we are vulnerable every time we step out of the door,” she said.