Los Alamos County’s email system, which is hosted as cloud-based services, was attacked in February in an apparent phishing scam. Phishing is a fraudulent attempt by email to obtain sensitive information for a malicious reason. While it is believed that the attack was contained to a single email account in the Public Works Department, the County turned the matter over to the Los Alamos Police Department for investigation. Affected employees have been notified and LAPD Investigations conducted a thorough investigation of this incident.
The County uses multiple layers of anti-virus and anti-malware protections. Phishing emails are problematic in that they try to look like legitimate emails, and may even use familiar looking addresses or official names or titles. Their goal is to obtain personal information, quite often as part of a larger identity theft operation.
The Human Resources division issued letters to employees who might have been impacted by the scam and has placed these individuals in a credit monitoring service for one year at no cost to the employee.
County Manager Harry Burgess commented on the phishing scam, urging residents to be cautious of any suspicious email.
“Phishing scams such as this are becoming more sophisticated worldwide. We take security of our employee data very seriously. While it does not appear that any data was compromised, we are being cautious and proactively taking steps to safeguard against future misuse of this information,” he said, “This type of situation appears to be happening across New Mexico. While the County very much regrets that this incident has occurred, we encourage all employees – and our community – to become more proactive in preventing phishing.”
For general information to help protect e-mails or accounts against phishing, visit: