Cybersecurity & Email Safety
The City of Richmond, like many organizations, can be a target for cybercrime. We have experienced instances of cybercrime over the past few months and continue to work to prevent such attacks and protect the information and online safety of our customers and staff.
We are aware that some fraudulent email messages have been circulating claiming to be from City staff, municipal officials, and Gateway Theatre staff. When the City discovered the intrusion into the email system in June 2023, it took immediate steps to mitigate the risk of impact and remediate the attack by engaging a team of cybersecurity experts to contain and investigate the incident, in accordance with industry best practices.
There is no indication any outside party has accessed the City’s financial or human resources data, or any other enterprise systems or databases. City operations were not impacted and business continues as normal. However, in the interest of transparency, we want people to know that fraudulent emails continue to circulate.
The following provides important information about the City's ongoing cybersecurity initiatives and how to remain safe in an online environment.
What has the City of Richmond done?
The City of Richmond engaged cybersecurity experts in June 2023 to investigate, contain and remediate the incident that occurred at that time. The City also placed a public warning regarding fraudulent e-mails on its website, and social media channels. Local media was also advised of the situation.
This criminal activity was reported to the RCMP and to the Office of the Information & Privacy Commissioner for British Columbia.
Fraudulent email messages often contain a fake PDF file attachment or a link to a website in an attempt to spread malware to harm your device and/or computer network.
Do not click on any attachments or links provided in those e-mails.
If you have received something that does not look or feel right, trust your instincts. All official City or Gateway Theatre communications will ONLY come from an official @richmond.ca or @gatewaytheatre.com e-mail address.
What is “phishing” and “smishing”?
It is important to know what phishing is, and what you can do to protect yourself from online fraud.
Fraudsters use all kinds of methods to trick innocent people into sharing personal information (name, date of birth, social insurance number, banking information, etc.), to send money, or spread “malware”, malicious software designed to harm or exploit your devices or networks.
A common tactic is sending “phishing” (fraudulent e-mails) or “smishing” (fraudulent text) messages. These messages may appear real, and fraudsters will claim to come from reputable companies or institutions like the City. These messages may include legitimate brands, colours, legal disclaimers, or other information that give the impression they are from that organization. Although they may appear legitimate, these messages sometimes - but not always - contain small inconsistencies or mistakes, such as typos in e-mail addresses or slightly altered logos. The sender email address may also be different to that of the business or organization it claims to be from (for example, a supposed bank notice sent from a Gmail or Hotmail address). Using a right-click on an email address will usually reveal what the sender's actual email address is.
You can learn more about phishing attacks by visiting the Canadian Center for Cyber Security website, including the following cyber security guidance webpage:
Don't take the bait: Recognize and avoid phishing attacks
How can you protect yourself?
To protect yourself from the risk of identity theft or fraud, we recommend:
- If you receive emails or text messages claiming to be from the City of Richmond or Gateway Theatre asking for account or any other personal information that you were not expecting, please consider the email or text to be fraudulent and disregard it.
- Never respond to unsolicited requests for your financial information. The City, and most legitimate institutions, will not ask you to send such information on email or over the phone.
- Remain vigilant about any unexpected transactions.
- As an added measure of security, monitoring of your accounts, online identity and services should be considered.
You can also report any activity to the Canadian Anti-Fraud Centre. Do not hesitate to contact your local police if you are a victim of fraud.
If you have any questions, please contact the City of Richmond directly at firstname.lastname@example.org or by calling us at 604-276-4000 during business hours of 8:15am to 5:00pm, Monday to Friday excluding holidays.