A case of Business Email Compromise cost the city of Griffin, Georgia, more than $800,000.
The BEC and wire transfer scam used by hackers is a common one. One of the city's "known and trusted vendors" sent new wiring instructions to the city—except the new instructions were really from hackers pretending to be the vendor.
Local media outlet, The Grip, talked to police about the case:
"... a company they use for the water treatment facilities (PF Moon) sent an email requesting an account change and needed to update information. Everything looked accurate on the email so the information was exchanged. The first transaction went through on June 21 for $581,180.51. The second transaction went through on June 26, 2019, for $221,318.78. It was found later that the email address used was not the correct email."
Griffin City Manager Kenny Smith told The Grip that the city believes its vendor's email was compromised prior to the attack:
"Whoever fraudulently sent that invoice knew that we did business with that company, knew the project done by this company and the cost of that project," he says. "They knew the invoice amounts in relation to the project worked on."
This sounds almost exactly like what happened to the Catholic church that sent hackers $1.7 million.
Protecting yourself against Business Email Compromise (BEC)
SecureWorld offers resources to defend your organization against this type of BEC fraud.
Our complimentary web conference, Email Fraud Case Studies and Defenses, is a great place to start. It is available on-demand.
And learn in person about BEC at all eight SecureWorld conferences this fall.
Keynote presenter Stephen Dougherty is a cyber-enabled financial crime investigator contracted to the United States Secret Service's Global Investigative Operations Center (GIOC).
Because of his role, he studies the latest TTPs cybercriminals are using in email fraud. In his keynote, he'll also explain the steps any organization can take to disrupt the process and reduce the cyber risk from this attack vector.