IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

California County Issues Warning After Phishing Attempt

Tehama County officials have issued a warning that they had received an email asking for payment. The county advised those who received the email not to respond to it and refrain from providing any information.

(TNS) — Tehama County is rooting out a phishing scam that tried to worm itself into the county's system.

On Friday, the county received notification of a phishing attempt. Chief Administrative Officer Gabriel Hydrick said the county responded immediately, with engineers quickly securing the account in question. The password was reset, the message was recalled and a warning message was sent out to those recipients that could not be recalled.

The county Monday morning sent out an email to its employees and associates informing them they had received an email asking for "payment" or "ach information" or the like. The county advised those who received the email not to respond to it and refrain from providing any information. Resting passwords was recommended as well.

"Tehama County personnel is undergoing a rapid deployment of enhanced security measures, including 2FA," the email reads. "While this incident is just a single email account, these measures are being rapidly adopted to prevent scam emails ASAP. If you have any questions, our technical team is happy to assist as these measures are being rolled out."

Regarding the next steps, Hydrick said the county has a project in the works to upgrade Microsoft 365 security for all county staff under the Apex umbrella. It allows for a standard version of the office suite and additional collaborative features such as teams and SharePoint.

"We are also rolling out Duo MFA to further secure all the accounts managed by Apex," he added.

Recently the county learned that an unauthorized party gained access to the county's IT network between Nov. 18, 2021, and April 9, 2022.

An investigation was launched, law enforcement was notified and a review of the incident let the county learn that files containing residents' personnel information were accessed. This information included a person's name, date of birth, mailing address, Social Security number, driver's license number and information related to services received from Social Services.

The county said to help prevent a similar incident from occurring in the future it had implemented enhanced monitoring and alerting software.

©2023 Red Bluff Daily News, Distributed by Tribune Content Agency, LLC.