The official email address for Pine Plains’ building inspector was used this month to send at least two unsolicited document links to residents after what town officials described as a hack of the account, raising questions about cybersecurity risks and whether the town should have warned residents more broadly after the incident.
Supervisor Brian Walsh confirmed the breach of Building Inspector Ed Casazza’s email and said the town notified its IT provider. “He did get hacked,” Walsh said. “I didn’t hear exactly what it was, that he got hacked with, or what the website was, or anything. You pass that along to the IT and the IT does whatever they do.”
Walsh described the messages as a phishing attempt, in which a fraudulent link could expose recipients to risk if opened. On Saturday, May 16, Casazza told the Herald that he notified the people he could reach about the hack but that he was still using the account and he had not been given instructions from town officials on what security steps to take.
The Herald found no public notice about the incident on the town website as of Wednesday, May 20, more than a week after residents reported receiving the emails. A Town Board newsletter dated May 18 also made no mention of the compromised account or the suspicious emails sent to residents.
Denise Bottiglieri said her husband, Ed Bona, received one of the emails on May 12. A copy of the message showed that it came from the building inspector’s town email address and directed the recipient to open a document link.
Bottiglieri said she and her husband had no open permits or other business before the Cassaza’s office. “It just looked weird because — even if it did come from Ed — why would we get this?” Bottiglieri said.
Rather than respond to the email, Bottiglieri said, she called Casazza, who told her his account had been hacked and the town was handling it.
Image courtesy Denise Bottiglieri
Another resident, Peter Salerno, posted a warning on May 12 in the Pine Plains Community group on Facebook, saying he had also received an email, which asked him to open a document, that appeared to come from Casazza.
“I left a voicemail asking if it was genuine,” Salerno wrote. “Ed Casazza left me a voicemail saying he had been hacked and I should not open it. It is a scam, either phishing to get your bank information, or malware to plant a virus.”
Casazza told the Herald he did not know how many people received the emails or what the messages said. Asked whether the town planned to create a new email account for him, Casazza said, “No, they just left me with this. I told them about it. I don’t know what they’re doing.”
Walsh said the town’s IT provider handles cybersecurity issues. “It’s above my expertise by far,” he said. “So, I don’t know, they block stuff out. Whatever link it came from gets blocked, and we can’t receive anything from it.”
Walsh added that he believes whoever sent the messages only had access to send material from Casazza’s email address, not to the town’s computer system, records, or stored emails.
Bottiglieri was not only concerned about the hack but also about the town’s failure to raise awareness of it. “You have a lot of elderly people here that are not aware of it and they think like, what is this?” she said. “They get nervous and they click on the link. Before you know it, it takes you to some bad actor who is trying to scam you out of something.”
Asked whether the town would warn residents, Walsh said, “If there’s something that goes out through a hack and we pick it up and we get notified with it, then, yes, we’ll post something on the website and whatnot.”