top of page
Search

Cybersecurity Threats in Alaska: Real Incidents, Real Lessons

How often do we hear that someone’s personal or business information has been compromised by malware or phishing—right here in Alaska, far from the hustle and bustle of the Lower 48?

The truth is simple: cybercriminals don’t care where you live, what you do, or how large your business is. They don’t care about your age, your family, your community, or your company’s mission. Whether you’re in downtown Seattle or a remote Alaska community, their motivation is the same—money and opportunity. And for some, the thrill of outsmarting someone is part of the game.

Below are real examples of incidents that happened here in Alaska—showing just how easily these schemes can unfold when we least expect them.


Example 1: A Six-Figure Equipment Purchase Gone Wrong


Imagine this: You’ve been planning a major equipment purchase for months—over $100,000. Your management team and the seller have exchanged dozens of emails. Everything looks consistent, familiar, and legitimate.

Then, on the day the payment is scheduled, Accounts Payable receives an email from the seller:

“We’ve updated our banking information. Please send the funds to the new account listed on the attached invoice.”

The email comes from the same address, is formatted exactly like the previous emails, and is addressed to the same employee. It feels routine. The payment has been approved and processed via ACH.


Several days later…The real seller reaches out:


“We’re checking in—when should we expect the payment?”


That’s when the panic begins.


IT staff begin investigating. What they find is unsettling:

  • A phishing attacker had been quietly monitoring the email chain for months.

  • On the day the funds were due, the attacker sent a nearly identical invoice—with one letter changed in the sender’s address and the bank information swapped.

  • The seller’s account had been compromised when an employee previously clicked a phishing link.

The result? Both companies suffered financial loss, and both had to overhaul their security practices. The attacker? Gone without a trace.


Example 2: Payroll Phishing with a Familiar Face


Now imagine you work in payroll. You open your inbox and see a message from an employee:

“Hi, I need to update my direct deposit account. Can you help me with it?”

Common request. Nothing unusual.


But here’s the catch:

If you hover over the sender’s email address, instead of seeing the employee’s familiar address, you see a string of random characters—an impersonation designed to trick you.

Sometimes these messages ask for:

  • Bank account changes

  • Social Security numbers

  • Pay stubs or net/gross pay details

  • Copies of IDs or tax documents

Because payroll and HR information is so sensitive, these departments are prime targets for identity theft and financial fraud.


Example 3: “Urgent! Click Here Now!”


Many businesses have received emails like:

  • “Your invoice is past due—open attachment immediately.”

  • “Your account will be closed today unless you verify your information.”

  • “Manager requested that you review this document ASAP.”


The attackers count on urgency to override caution. One click on a malicious link or attachment can install malware, give attackers access to emails, or expose sensitive documents.


Strengthening Cybersecurity in Businesses


Preventing these schemes requires more than good instincts—it demands consistent training, verification procedures, and a workplace culture that treats cybersecurity seriously.


Key steps every organization should implement:


1. Employee Training

  • Teach staff how phishing works and what to look for as suspicious signs.

  • Use interactive exercises, simulated phishing emails, and periodic refreshers.


2. Verification Procedures

If a vendor, employee, or partner asks to change:

  • bank accounts

  • email addresses

  • authorized managers

  • payment instructions

…always verify using a secondary communication method (phone call to a known number, a separate email thread, or in-person confirmation).


3. Technical Safeguards

  • Enable multi-factor authentication (MFA).

  • Use spam filters and email scanning tools.

  • Require strong passwords and regular updates.

  • Keep software and systems patched.


Conclusion: Cybersecurity Isn’t Optional—Even in Alaska


Cyber threats aren’t limited to major metropolitan areas; they reach into every community, including ours. The incidents show that even well-established companies with experienced teams can fall victim when attackers exploit trust, routine, and familiarity. By building strong verification practices, training employees to recognize suspicious activity, and investing in protective technologies, organizations can significantly reduce their risk.


Cybersecurity isn’t just an IT responsibility—it’s a shared organizational commitment to safeguarding our people, our data, and our future.


 
 
 

Comments

bottom of page