Authorities in the American city of Peterborough in New Hampshire said they lost $ 2.3 million as fraudsters tricked city employees into sending a series of large payments to their accounts. City employees who have been tricked by scammers are currently on leave. Investigators say they were unlikely to have been involved in the attacks.
As you might guess, this is a business email compromise (BEC). As a rule, such attacks involve the compromise of a legitimate email account of one of the target company’s employees. The attackers then use the account to send fake emails from employees of the same company or its partners and use social engineering to convince them to transfer funds to fake accounts under the guise of fake invoices and fictitious transactions.
The incident in Peterborough was first reported on July 26 after the ConVal School District informed city officials that the $ 1.2 million monthly transfer had not been received. An investigation into the incident showed that the money went into the pockets of the fraudsters, moreover, two more large payments were sent there, which were intended for contractors involved in repairing the local bridge.
In this case, the criminals did not hack into city officials, but simply used email spoofing and social engineering (fake documents), thereby forcing the city to redirect payments to its own accounts.
US Secret Service officials, who were called in to investigate the incident, told officials that the stolen city funds were promptly laundered and converted into cryptocurrency. It will no longer be possible to recover the stolen by cancelling transactions, and the city authorities doubt that these losses can be covered by insurance.
It should be noted that according to the FBI, the BEC scam remains one of the most serious threats to companies and organizations. So, in 2020, such scams caused losses in the amount of $ 1.8 billion, which amounted to about 43% of all lost funds over the past year.
Catch up on more stories here
Follow us on Facebook here