Over the last couple of weeks, the Jewish Community Relations Council has been notifying community organizations about these recent events – which follow similar attempts to communities in New Jersey and Tennessee.
“(Two weeks ago), we were advised by one of the first organizations that this happened to,” said Dan Plekkenpol, the JCRC’s security director. “We learned shortly after that this was happening nationwide. There’s identical language in the emails that are being sent out.”
The JCRC has served as the Twin Cities Jewish community hub for security-related issues, and while that has typically been anti-Semitism throughout the community, these issues have been on the JCRC’s radar for the last few years.
“In 2017-2018, the JCRC organized a series of cyber educational sessions for Jewish organizations,” said JCRC Director of Communications and Community Security Anthony Sussman. “We worked with FRSecure, a local information security consulting company, to educate the Jewish community about data privacy, protection, and website vulnerabilities. We focused on information security best practices, asset management, and business continuity planning. The JCRC will continue to provide information security education in 2020 and beyond.”
The type of spam in this particular case is called “Spear Phishing.” In this case, an email is sent coming from the name of someone you know – in this case, a rabbi or executive director. But a close look will show some sort of misspelling in the email address, or the address it was sent from not being the one that the person named actually uses.
Miranda Weisbuch, the executive director at Adath Jeshurun, one of the congregations whose staff was affected, said it was surprising when congregants notified her.
“It’s one of those things that is frustrating because someone is preying on the relationship between the clergy and a congregant,” she said. “We all think we aren’t going to fall for it. But some look like they could easily be from the rabbi asking you to do something.”
Plekkenpol said the most important thing people can do when they receive these emails is to report their receipt, even if it’s redundant to other people reporting.
“If we didn’t get first report, we may not have known,” Plekkenpol said. “Reporting helps with scalability and to trigger a higher level of response. Everyone should report so know what we’ve going on.”