Warnings / Alerts 2017

2017 Phishing EmailNovember 3

On November 3, 2017, the City of Canton was the target of an email Spear Phishing attack.

The email was sent from a Gmail account, which should be the first clue to the users that it was not a legitimate email from the City’s Information Technology (IT) Department, official emails will only come from CantonOhio.gov email addresses, and the users should recognize the sender’s name!

Changing Passwords

The City of Canton’s employees are being advised to not follow the link on the email.

If any of the City’s employees have followed the link and entered information on the site then they need to contact The City of Canton’s IT Hot Line immediately. They also need to change any and all passwords that they think might be the same as the information they entered on the bad website! That applies to any personal (social/financial/shopping/etc.) sites that they visit.

As a security precaution, we are temporarily only allowing users to log in to the City’s website from Trusted IP addresses

June 25

On June 25, 2017, several Ohio State Government web sites were defaced, the hackers made use of exploits that target un-patched Windows Operating System servers. We have received a few comments and questions from the public and outside entities regarding these hacks, so we decided to address them here.

The City of Canton’s web facing servers are currently running Linux Operating Systems and are not able to be compromised using the methods that were used on the State’s computers.

Security Scans

The City of Canton’s web sites also undergo regular 3rd party security scans for known vulnerabilities, such as the ones mentioned above, and the City hasn’t had any vulnerabilities show up since 2008.  We also try to keep up-to-date on current security issues and proactively make any changes that are needed prior to there being an incident.

None of the City’s IT Department managed servers with direct access from the internet are known to be vulnerable (we can’t speak for servers managed by outside entities). None of the City’s IT Department managed servers were compromised.