The cyberattack on the Colonial Pipeline earlier this month — an effort that caused massive shortages in gas — drew national and global attention.
But, as any cybersecurity expert will say, for every attack you hear about that, there are many more you don’t.
On Friday afternoon, Trenton Mayor Reed Gusciora announced the city will launch updated cybersecurity employee training as a result of a cyberattack in February.
Gusciora said the city successfully stopped a sophisticated phishing scheme that used fake email addresses and URLs to closely mimic official city accounts — but that it is taking no chances moving forward. Gusciora said the attack was one of “several” the city has fended off in the past year.
“As such, we’re launching updated training modules for city employees to ensure those attacks continue to be unsuccessful in the future,” he said.
The scam, which started targeting Trenton’s Request for Quote process in February, was uncovered by Trenton’s information technology department, under the direction of Chief Technology Officer Joseph Rivera.
Cybercriminals posing as the city business administrator — complete with phony emails and phone numbers — sent fraudulent RFQs to vendors for potentially millions in stolen goods. Rivera said he was able to track down that a spoof website was created on NameCheap.com called “trent0nNJ.org,” with an email of acruz@trent0nnj.org.
After notifying vendors of the situation, Gusciora said Trenton officials reached out to the Trenton office of the U.S. Secret Service, which worked to shut down the site.
Guscioria said efforts to prevent damage from the scam have been successful, and no losses have been incurred by the city.
This event follows another attempted cyberattack in spring 2020, in which a hacker diverted upward of $982,000 in funds from the city of Trenton in relation to Brit Global Insurance Co. Trenton’s IT department worked with the company as part of an extensive forensic audit that proved the city was not at fault for the breach. As a result, Brit Global Insurance refunded the stolen funds to the city.
“All it takes is one mistake for a cybercriminal to breach a network and potentially cost us hundreds of thousands of dollars in phony costs,” Rivera said. “That’s why we’re excited to finally roll out the same type of cybersecurity training that is now standard at both the local and state level, so our employees don’t let their guard down in the future.”