Published: November 09, 2009 11:47 pm      

County thwarts e-mail scam

Bogus message sent from Nigeria

It took the Information Systems Department for Howard County about 30 minutes to determine an e-mail requesting information from county employees was a phishing expedition.

Anyone with an e-mail account has experienced numerous spam messages offering money and vacations. All are seeking personal information that would not be requested through an e-mail by reputable companies, banks or government agencies.

The e-mail was received by a select number of employees on Oct. 29. The county’s Information Systems Department was notified and started to trace where the bogus message originated.

The message wanted the person’s e-mail address, user name, password, date of birth, contact address and telephone number, according to Terry Tribby, director of the Howard County Information Systems Department.

Jeremy Stevens, network administrator, said it was a valid e-mail address but one not used by the county for approximately 18 months.

“They phished our Web site,” Stevens said. “They harvested a select few e-mail accounts. It was not that sophisticated.”

The e-mail looked like it was sent by the county’s computer department.

Tribby said employees receiving the e-mail contacted the Information Systems Department, which found the request unusual because of the information being requested.

“I told them to never give out user names or passwords,” he said.

Stevens said the e-mail came from a gmail account through Google. He said the county contacted the Google abuse department and forwarded a copy to the Federal Trade Commission. The Howard County Sheriff Department also was contacted.

“All we know is it came from a Google account,” Stevens said. “If it had been sent locally, why did it have an old e-mail address?”

The Information Systems Department set up a fake account and replied to the original e-mail message, he said.

Tribby said the next morning the county discovered there were three log-ins to the account from someone’s computer.

The county was able to trace the e-mail back to where it came from and discovered it came from a Washington, D.C., account that had a block of addresses.

Stevens said the sheriff department contacted AS Technologies in Washington and found out the e-mail was sent from Nigeria. He said the Internet portal was based in a foreign country.

Tribby said the intruder would not have been able to lock up the county’s computer system but could have stolen someone’s identity and sent out e-mails as coming from county officials.

Stevens said most of the spam e-mails are filtered out by equipment the county has on the computer system.

Tribby said there is no local investigation because the e-mail originated out of the country.

“No company will ever ask for a user name or password through an e-mail,” he said. “You’re not going to win a million dollars or a trip to Hawaii. It’s always a scam.”

Larry Murrell, Howard County attorney, said the e-mail was handled by the IT department and investigated by the sheriff department.

“There was no criminal action to pursue,” he said.



• Ken de la Bastide is the Kokomo Tribune enterprise editor. He can be reached at 765-454-8580 or via e-mail at ken.delabastide@kokomotribune.com