Skip to Main Content View Text-Only

The City of Portland, Oregon

Office of Management & Finance

Bureau of Technology Services

BTS HelpDesk: 503-823-5199

111 SW Columbia St, Suite 400, Portland, OR 97201

Welcome to our blog. Here we will let you know the latest happenings in the information security world.

Business Email Compromise (BEC) attacks continue

By Christopher Paidhrin

Social Engineering (email phishing) attacks hijack payments intended for City contractors

Another Business Email Compromise (BEC) attack.

Today it's the City of Burlington, ON, for $503,000.

City of Portland payment processes include multiple account change validations that prevent this type of compromise.

Thanks for staying vigilant. 

Zelle Vulnerability exploited (mobile banking app)

By Christopher Paidhrin 0 Comments

NBC Nightly News (video segment) 2019-06-11. Social engineering attacks focused on a popular banking app.

Zelle user bank accounts compromised through social engineering:

-- Many banks partner with Zelle to provide mobile banking services. This NBC News video segment may be of interest.

Further Details on how scammers are creating unauthorized Zelle accounts through social engineering:


1) Activate Multi-Factor Authentication (MFA) for access to your bank account, regardless of device or location.

2) Activate bank transaction 'alerts', which means your bank will send you a text message when a transaction occurs.

     A number of banks will also let you decide minimum thresholds for notification, such as $100.00 or above.

3) Check your bank account regularly to look for any unauthorized or unanticipated charges or transactions.

4) Never respond to text prompts or calls that request passwords, passcodes, PINs, or account information. Only provide your bank or card service provider with information when you have contacted them through a secure login website or when you have called them through a published contact phone number.

Be safe out there!

Baltimore Ransomware Update: $18M and counting

By Christopher Paidhrin 0 Comments

Baltimore Finance Director provides updated cost projections for ransomware recovery and projected lost revenue

Baltimore's ransomware recovery continues with cost projections of $10M in recovery and forensic expenses--so far, and "about $8 million in (lost) revenue."

Phishing tests: how to handle clickers

By Brian Ventura

This article discusses how a security team should handle people failing a phishing test

This is a good write-up from one of the major phishing vendors discussing what to do when individuals fail internal phishing tests.

Brian Krebs is an independent, security-focused reporter. He is often first to report on complex, previously unknown scams.

Question: Does the City of Portland perform internal phishing tests? Yes we do.