Peterborough, a small town in New Hampshire, lost $2.3 million after BEC scammers diverted some bank transfers using forged documents obtained by employees of the town’s finance department in various email exchanges.
BEC fraudsters use various methods, such as phishing and social engineering, to compromise or deceive their victims’ business email accounts, allowing them to redirect pending or future payments to their own bank accounts.
Town officials got wind of the attack on July 26 when the ConVal school district told them that they were not receiving a monthly payment of $1.2 million.
On August 18, staff at Peterborough’s finance department discovered during the investigation that two other bank transfers originally intended for a general contractor for the town’s Main Street Bridge project were also diverted to the attackers’ bank accounts.
“Investigations into these forged email exchanges showed that they originated overseas. These criminals were very sophisticated and took advantage of the transparent nature of public sector work to identify the most valuable transactions and focus their actions on diverting those transfers,” Select Board Chair Tyler Ward and Town Administrator Nicole MacStay said in a press release Monday.
Financial department employees targeted in the BEC scam are now on leave pending the conclusion of the ongoing investigation by the U.S. Secret Service’s Cyber Fraud Task Force. However, they are not believed to have anything to do with the attack.
Last year, the FBI’s annual cybercrime report targeting U.S. victims showed a record number of complaints and financial losses exceeding adjusted losses of more than $1.8 billion by 2020.
For more information, read the original story in BleepingComputer.