Phishing incident gets Oregon.gov emails blacklisted by Microsoft, again

Oregon state government employees on Tuesday regained the ability to email people with certain email suffixes after a state employee fell victim to a phishing attack that briefly resulted in the state being blacklisted by email services offered by Microsoft.

According to an internal memo sent to agency directors by state Chief Information Officer Terrence Woods last week, state employees had lost the ability to send emails to Microsoft-operated email addresses, including those ending in outlook.com, msn.com, hotmail.com and live.com.

It was at least the third time in 12 months that a compromised email account has affected email service in the state government and resulted in employees not being able to communicate with Microsoft users. A similar incident occurred last month, according to Woods’ memo, and another last June.

“Once again, this has negatively affected the state’s sender reputation score – a score that shows how mailbox providers view our IP address,” Woods wrote in his memo.

After a state employee clicked on a link in a phishing email, an outside actor was able to launch a spam campaign from the employee’s account, according to The Oregonian. In last year’s breach, the attacker sent more than eight million emails using the government account before the state regained control.

Though some Oregon agencies operate on a shared email service, others, such as the Department of State Lands, operate their own. Woods recommended agencies operating their own email services implement two-factor authentication and disable access to Outlook Web Access, Microsoft’s web-based email client.

The state has not disclosed the agency responsible for the latest blacklisting.

After working with Microsoft, a department spokesperson confirmed to StateScoop that the state’s reputation score has been restored.

Woods was not available to comment for this story.