St. George officials warn businesses after email accounts compromised

City leaders urge caution as hackers use trusted email accounts to send malicious links and scams.

What happened

St. George city officials have issued a cybersecurity alert after hackers compromised several local business email accounts and used them to send malicious messages to their contacts. At least a dozen businesses have been impacted, with the total scope of the incident still under investigation.

The compromised emails are being used to send phishing messages that may contain malware, request login credentials, or attempt to collect payments, sometimes in cryptocurrency. Because the emails appear to come from trusted contacts, many recipients are more likely to click without suspicion.

Going deeper

According to Jordan Goethe, the city's technology administrator, this type of scam exploits the familiarity between senders and recipients. Once an account is taken over, attackers send out emails that appear legitimate, making them harder to detect.

Goethe outlines best practices to reduce the risk of falling victim: use a 16-character passphrase, enable multi-factor authentication, and consider password managers like Bitwarden or Google's tool. He also stressed calling the sender directly rather than replying to the email when anything seems unusual.

Several compromised accounts were found redirecting responses to the same inbox, which may indicate coordination among attackers, though it's still unclear whether the threat originates locally or externally.

What was said

“You’re like, okay, I know this person. You click on a link without even thinking twice,” said Goethe. “It could happen to anyone, and it’s really unfortunate.”

He noted that red flags include urgent-sounding messages or instructions not to respond using normal methods of communication.

“If you’re a local business, it may be time to update your password,” he added.

FAQs

How do phishing attacks through trusted email contacts work?

Hackers gain access to a real email account and use it to send malicious links or requests to people who already trust that sender, increasing the chance of successful deception.

What’s the difference between a password and a passphrase?

A passphrase is a longer, more complex combination of words or characters (e.g., “CoffeeBook!Planet2025”) that is harder to crack but easier to remember than a random string of characters.

Why is multi-factor authentication (MFA) important?

MFA adds an extra layer of security by requiring a second form of verification, like a code sent to your phone, making it harder for attackers to access your account even if they steal your password.

How can businesses recognize a compromised email?

Look for signs like unexpected messages being sent, contacts reporting strange emails, or reply-to addresses being changed to unknown domains.

What should a business do immediately after discovering a compromised email account?

Change all passwords, enable MFA, notify contacts not to interact with previous emails, and consult with IT professionals to secure accounts and investigate potential data exposure.