If you ever wonder why phishing scammers continue to try myriad ways of ripping people off, you need look no further than this.
The El Paso Times this week reported that the city had been scammed out of $3.2 million through a phishing scheme that targeted the municipality’s streetcar development program.
El Paso Mayor Oscar Leeser said the city became aware of the scheme in October after the city’s CFO discovered that a $300,000 vendor payment had been redirected to a different account. Shortly after, a $2.9 million payment was misdirected to a fraudulent vendor, the Times reported.
The city chose to keep the information secret so as not to hamper an ongoing FBI/law enforcement investigation.
“It’s an ongoing investigation and we never wanted to jeopardize the ability to regain the taxpayers’ money and also to hamper the ability of law enforcement to be able to do their jobs,” Leeser said in the Times report. “So, it was very important to us that we did everything possible to keep it from going out public and then ruining the possibility of ever recovering the money and, then again, stopping law enforcement from ever doing their job.”
The details of the scheme were not discussed, but officials did say they have managed to recover about $2 million.
While this wasn’t a clear case of it, the FBI says that the so-called business e-mail compromise scam has caused $2.3 billion in losses to 17,642 business and non-profit organizations in the U.S. and other countries since October 2013, with the number of victims nearly tripling since January 2015.
The FBI wrote that victims of these “business e-mail compromise” scams range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.
The Federal Trade Commission also wrote of business phishing scams this year, saying: “Social media websites, a company’s own website, and news reports can give employees’ names, job titles, email addresses, and telephone numbers, as well as information about the company’s business dealings. Fraudsters also pose as third parties – perhaps the company’s bank, a vendor, or someone legitimately seeking information – in phishing emails and pretexting calls designed to trick employees into disclosing confidential information.”
“The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc). Some victims reported being a victim of various Scareware or Ransomware cyber intrusions, immediately preceding a BEC scam request,” the FBI says.
With a company’s information, scammers can spoof, or fake, an email to an employee who they know can transfer money or pay invoices for the company, making the email look like it’s coming from an executive officer, regular vendor or other trusted source. In some cases, hackers break into a company’s email system and send urgent requests for money transfers. Once the money is wired, it can be nearly impossible to recover, the FTC wrote.