"On July 26, 2023, the Johnstown Redevelopment Authority became aware that its subsidiary, Johnstown Regional Sewage, was the target of a phishing scheme that originated overseas," according to a statement released by JRA on Tuesday. "Multiple agencies are involved in the investigation, including the First National Bank Fraud Detection Bureau, the Cambria County District Attorney's Office, the Department of Homeland Security and the Federal Bureau of Investigation.
"Since the investigation is ongoing, the Johnstown Redevelopment Authority will not comment further pending the outcome of the investigation."
The Tribune-Democrat filed a Right-to-Know request seeking more information.
Phishing is an online scam that involves sending an email that appears to be from a legitimate well-known source. The recipient is asked to provide sensitive identifying information, transfer money or install software that is actually malware designed to infiltrate a computer system.
Former Windber resident Allan Liska, a threat intelligence analyst at Recorded Future and author of multiple cybersecurity books, including "Ransomware: Understand. Prevent. Recover," reviewed JRA's statement and offered general thoughts about phishing.
He did not know any specifics about the alleged JRA incident beyond the information released by the agency.
Liska said "the flag in there" is the mention of the First National Bank Fraud Detection Bureau, which indicates money could be involved.
He added that such phishing schemes are "surprisingly common."
"It's unfortunately very, very easy to fall victim to it," he said. "Local governments in particular are susceptible to these because they don't have a lot of controls in place, that, say a large Fortune 500 company does that will catch some of these."
Americans lost an estimated $40 billion to phishing scams in 2022, according to a report by TrueCaller, an app that blocks spam calls.
Liska emphasized "and that's just what is known."
©2023 The Tribune-Democrat, Distributed by Tribune Content Agency, LLC.