One Errant Click Leads to 8 Million Spam Messages and Statewide Email Problems for Oregon Government

A state employee apparently fell for a phishing scam, which led to a host of problems for emails hosted under the oregon.gov domain.

by Hillary Borrud, The Oregonian / June 20, 2018

(TNS) — Oregon's state technology workers are scrambling to fix a problem that is preventing thousands of government employees from corresponding with members of the public via email.

Several private email providers have blacklisted the state email domain Oregon.gov after a state employee apparently clicked on a phishing email earlier this month that allowed a hacker to access the state's computer system.

"The malicious link hijacked the state-owned PC and generated over eight million spam emails from an Oregon.gov email address," state officials wrote in an email explaining the situation to employees on Friday.

Now, private citizens with certain email providers can't receive emails from state employees.

The state posted notice of the situation on Gov. Kate Brown's homepage. Through her spokesman Bryan Hockaday, Brown declined to say whether the state's cyber security is adequate. Hockaday would only respond to questions by email, and wrote that Brown does have concerns about the current situation.

So what can members of the public do if they need to communicate with state government employees? Amy Williams, a spokeswoman for the Department of Administrative Services, wrote in an email that one option is to use "an alternate email address with a provider who is not listed below." Williams also recommended that members of the public include their phone numbers when emailing the state.

Here is the email Oregon officials sent to state employees on Friday:

Agency Directors,

Late last week, a state employee appears to have clicked on a phishing email. The malicious link hijacked the state-owned PC and generated over eight million spam emails from an Oregon.gov email address. This happened over the weekend and was caught on Monday. Unfortunately, we did not catch it before external mail providers downgraded the Oregon.gov sender reputation score — a score that shows how mailbox providers view your IP address.

As a result of this incident, mail from Oregon.gov has been blacklisted by certain providers, including:

@outlook.com

@msn.com

@hotmail.com

@live.com

What does this mean?

Mail from any state employee with an @oregon.gov email address sent to any of the email domains listed above will not be received.

What are we doing?

DAS IT is working closely with Enterprise Technology Services and the Enterprise Security Office, who are going through proper channels to restore the Oregon.gov sender reputation score. Unfortunately, this will take some time to resolve. We will keep you updated as we know more.

In the meantime, this is a good opportunity to remind staff of the importance of information security. This short video on phishing provides guidelines on how to protect employees and the computer assets we rely on every day. The video is part of the Enterprise Security Office's information security awareness video series, which provides a variety of resources on information security.

©2018 The Oregonian (Portland, Ore.), Distributed by Tribune Content Agency, LLC.