Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.
Home News Angus & The Mearns

Hackers access Angus Council email system in bid to dupe service users

By Jake Keith

Cyber fraudsters managed to gain access to Angus Council’s email system before contacting locals in a bid to steal bank details.

The phishing attempt has seen hundreds contacted from the official @angus.gov.uk email address.

Titled ‘BACS Payments’, it directs the recipients to a site set-up to obtain log-in details from users.

Angus Council has urged anyone who has received the email to delete it.

John Phillip, who was one of those to open it, says he’s worried vulnerable or elderly people will be scammed.

He said: “Users outwith Angus Council and carers and disabled people send receipts and bank statements in as per their direct payment agreement.

“Some of them will not be knowledgeable enough about IT to be aware of the risk.

“Others will click the attachment believing it’s something affecting their direct payments or a demand for repayment and submit email address and password for their accounts – thus giving the bad actor access to more accounts and personal information.”

Organisations are required by law to protect personal data and ensure adequate anti-virus systems are in place.

It comes just a year after Dundee & Angus College was shut down for days after a cyber attack on its IT systems.

Police investigating after cybercriminals try to hold Tayside college to ransom using ‘violent virus’

Mr Phillip added: “I called the Accessline and they were unaware the email had been sent outwith the council.

“Whoever it was clearly had access to an Angus Council email account.

“I would have hoped that someone working in the payments division would have been more security conscious given their role and the data they handle.”

Council ‘very confident’ it wasn’t compromised

An Angus Council spokesperson said “A phishing attempt was made to steal credentials and to send out other emails to internal and external contacts from an Angus Council user account.

“Our IT department blocked the access to the phishing site that was trying to gather credentials and as an additional counter measure have disabled accounts and reset passwords on all internal users that opened the email.

“We are very confident no systems have been compromised or data lost and this phishing attempt has had no operational effect.

Perth firm exposes thousands of cyber criminals exploiting coronavirus pandemic

“Any external users that received an email from Angus Council entitled BACS PAYMENT required should delete the email.

“We are no different to any other large organisation with a high number of users, in that we are a potential target for phishing scams.

“We have robust security policies, procedures and training in place to prevent these.”