Cybersecurity expert warns Vermont of evolving phishing schemes
Cybersecurity expert warns Vermont of evolving phishing schemes
https://www.mynbc5.com/article/phishing-scams-evolving-norwich-university-cybersecurity/70738999
Publish Date: 2026-03-13 18:19:00
Source Domain: www.mynbc5.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
A cybersecurity expert says the phishing scam that cost the Chittenden Solid Waste District $3 million should be a wake-up call to individuals, municipalities, businesses, and other organizations everywhere.”The scammers are getting better at what they’re doing out there,” warned George Silowash, who leads cybersecurity efforts at Norwich University. “It’s only going to get worse.”In an exclusive NBC5 News interview this week, the waste and recycling handlers at CSWD explained that an ultra-realistic invoice came in via email, using names, photos, and other credible information they thought came from a trusted partner on a project to build a major new recycling facility in Williston. However, it was a phony invoice, CSWD Executive Director Sarah Reeves said. Despite its normal checks and balances, the municipality ended up wiring $3 million to the scammers, Reeves said. She insisted construction on the new recycling center will continue in the wake of the $3 million loss.Silowash said scammers often abuse publicly available information about organizations, such as staff lists, logos, or announcements about contracts to build a credible phishing attempt. He said he fears the rise of artificial intelligence will only help scammers make their attempts more convincing.”AI is going to make things much worse and much more authentic,” Silowash predicted. “That’s going to allow attackers to scale rather quickly and gather that information quickly. But not only that, AI is getting very good at duplicating voices. With that type of thing, you need to have certain controls in place, such as having passwords that are only known internally—a code word that you would have to say over the phone to prove your authenticity.”Silowash strongly recommends organizations invest in regular, high-quality cybersecurity awareness training. He also encouraged businesses, towns, and non-profit groups to create multiple layers of oversight for significant financial transactions, and to double-check invoices with vendors by picking up the phone and calling them at a trusted number. He said not to simply rely on the number in an email signature line because those can be fake, too, redirecting you to a fraudster.Reeves told NBC5 News that CSWD wanted to go public with its problem to raise much-needed awareness of business scams.”Part of the reason that we’re doing this, we’re talking about it, is because there’s a certain level of shame attached to it when you’re gotten,” Reeves said. “We want to help dispel that notion of shame. This is a crime. You are a victim of this when this happens to you, and we need to talk about it so that more people aren’t victimized in the future.”Reeves said no one will lose their job because of this. She emphasized that the district is taking a very close look at its internal controls and training while law enforcement continues its ongoing investigations.The municipality does not receive money from income taxes or property taxes, so the crime will not impact tax bills, CSWD said. It also said user rates will not be going up because of this. Instead, the municipality will likely have to cover the $3 million loss with budget cuts this year and next year, Reeves said. She said CSWD will also explore a possible property sale of its current recycling facility once the new center is open.In NBC5’s original report on this phishing scheme, Vermont Attorney General Charity Clark said information on her office’s website and on the website of the Federal Trade Commission could help small businesses and other organizations avoid falling prey to a scam.Previous coverage: $3 Million Stolen from CSWD in Phishing Scheme
NORTHFIELD, Vt. — A cybersecurity expert says the phishing scam that cost the Chittenden Solid Waste District $3 million should be a wake-up call to individuals, municipalities, businesses, and other organizations everywhere.”The scammers are getting better at what they’re doing out there,” warned George Silowash, who leads cybersecurity efforts at Norwich University. “It’s only going to get worse.”
In an exclusive NBC5 News interview this week, the waste and recycling handlers at CSWD explained that an ultra-realistic invoice came in via email, using names, photos, and other credible information they thought came from a trusted partner on a project to build a major new recycling facility in Williston. However, it was a phony invoice, CSWD Executive Director Sarah Reeves said. Despite its normal checks and balances, the municipality ended up wiring $3 million to the scammers, Reeves said. She insisted construction on the new recycling center will continue in the wake of the $3 million loss.Silowash said scammers often abuse publicly available information about organizations, such as staff lists, logos, or announcements about contracts to build a credible phishing attempt. He said he fears the rise of artificial intelligence will only help scammers make their attempts more convincing.”AI is going to make things much worse and much more authentic,” Silowash predicted. “That’s going to allow attackers to scale rather quickly and gather that information quickly. But not only that, AI is getting very good at duplicating voices. With that type of thing, you need to have certain controls in place, such as having passwords that are only known internally—a code word that you would have to say over the phone to prove your authenticity.”
Silowash strongly recommends organizations invest in regular, high-quality cybersecurity awareness training. He also encouraged businesses, towns, and non-profit groups to create multiple layers of oversight for significant financial transactions, and to double-check invoices with vendors by picking up the phone and calling them at a trusted number. He said not to simply rely on the number in an email signature line because those can be fake, too, redirecting you to a fraudster.
Reeves told NBC5 News that CSWD wanted to go public with its problem to raise much-needed awareness of business scams.”Part of the reason that we’re doing this, we’re talking about it, is because there’s a certain level of shame attached to it when you’re gotten,” Reeves said. “We want to help dispel that notion of shame. This is a crime. You are a victim of this when this happens to you, and we need to talk about it so that more people aren’t victimized in the future.”Reeves said no one will lose their job because of this. She emphasized that the district is taking a very close look at its internal controls and training while law enforcement continues its ongoing investigations.The municipality does not receive money from income taxes or property taxes, so the crime will not impact tax bills, CSWD said. It also said user rates will not be going up because of this. Instead, the municipality will likely have to cover the $3 million loss with budget cuts this year and next year, Reeves said. She said CSWD will also explore a possible property sale of its current recycling facility once the new center is open.In NBC5’s original report on this phishing scheme, Vermont Attorney General Charity Clark said information on her office’s website and on the website of the Federal Trade Commission could help small businesses and other organizations avoid falling prey to a scam.Previous coverage: $3 Million Stolen from CSWD in Phishing Scheme
