You are here

Colorado Town Sends Over $1 Million to BEC Scammers

Colorado Town Sends Over $1 Million to BEC Scammers

Created: Tuesday, January 7, 2020 - 14:53
Categories:
Cybersecurity

A town in Colorado recently lost more than $1 million to a business email compromise scam when municipal employees sent funds to a bank account controlled by the scammers. The fraudsters used an electronic form on the town's website to request a change to the payment information on a contract for a construction company. "Specifically, the change was to receive payments via electronic funds transfer rather than by check," said the town administrator "Although town staff checked some of the information on the form for accuracy, they did not verify the authenticity of the submission with {the construction company]; they accepted the form and updated the payment method.," he added. Additionally, once the fraudulent account received the money, the perpetrators sent the funds out of the country, ostensibly making it more difficult to capture.  The fraud was confirmed when the town was was alerted by the bank of a possible fraud attempt and when the construction company informed the town that the payment method request had not been made from its end. Following the incident, the town first removed the contact form from the website and temporarily discontinued electronic payments. A finance manager and an accounting manager position were also added to the staff scheme to add additional oversight to future financial operations. The town currently working with its insurers to secure reimbursement for the loss and the FBI to investigate the case. As WaterISAC has previously reported, the FBI has been able to help some BEC scam victims regain their stolen funds (especially in cases where the scams were quickly reported to the FBI). Reports should be filed with the FBI’s Internet Crime Complaint Center (IC3). Read the articles at The Denver Post and Bleeping Computer.