Description
The mayor of Plymouth, Connecticut reported on the mayor’s office Facebook page that the town had fallen victim to a sophisticated social engineering scam. Cybercriminals had compromised the accounts of one of the town’s vendors a month earlier, gaining access to information about an ongoing project for the town. Using this knowledge, the scammers sent fraudulent invoices to the town’s financial department. While the invoice amounts were accurate, the payment instructions had been altered to direct funds to the cybercriminals. As a result, two separate payments of $104,150 each were mistakenly sent to the scammers instead of the legitimate vendor.
Actions Taken
The town promptly reported the incident to local law enforcement, who are now collaborating with the FBI in an ongoing investigation. On August 28, shortly after the scam was made public, the town’s Finance Director resigned and the search for a replacement is underway. The mayor’s office has assured residents that the town’s insurance policy will cover the financial losses incurred. They have also stated that there is no suspicion of any internal involvement in the fraudulent activity.
Prevention
In this case, the Finance Director resigned because the department paid against altered payment instructions without verifying them with the vendor. That verification could have been done by:
- Establishing a multi-step verification process for any change to vendor information or payment instructions, so that an invoice with the correct amount but a different bank account is held rather than paid.
- Requiring verbal confirmation of any such change through a phone number already on file for the vendor, never a number taken from the invoice or the email that requested the change.
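The control described above, as an added example that is not part of the original page and not code from the town or its vendor: an invoice is compared with the vendor master record, any change of bank details is held, and the hold is released only after a verbal confirmation logged against the number on file (not the number printed on the invoice) plus a second approver. Vendor IDs, bank details, phone numbers and invoice data are constructed for the example.

```python
"""Payment-instruction change control (constructed example).

An invoice whose remittance details differ from the vendor master record is
held until two conditions are met:
  1. staff logged a verbal confirmation made to the phone number on file, and
  2. a second, distinct approver signed off.
The invoice amount is deliberately not a trust signal: in the Plymouth case the
amounts were correct and only the bank details had been altered."""

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class VendorRecord:
    vendor_id: str
    bank_routing: str
    bank_account: str
    callback_phone: str  # captured at onboarding; the only number a callback may use


@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    vendor_id: str
    amount: float
    bank_routing: str
    bank_account: str
    contact_phone: str  # printed on the invoice, so untrusted


@dataclass
class Decision:
    action: str  # "pay" or "hold"
    reasons: list[str] = field(default_factory=list)
    callback_number: Optional[str] = None  # the number staff must call, if any


def review_invoice(inv, master, confirmations, approvers):
    """confirmations: set of (invoice_id, phone_called) tuples logged by staff
    after a verbal confirmation. approvers: set of distinct staff who approved."""
    record = master.get(inv.vendor_id)
    if record is None:
        return Decision("hold", ["vendor not in master file; onboard and verify before paying"])

    on_file = (record.bank_routing, record.bank_account)
    if (inv.bank_routing, inv.bank_account) == on_file:
        return Decision("pay", ["remittance details match vendor record"])

    d = Decision("hold", ["remittance details differ from vendor record"], record.callback_phone)
    if inv.contact_phone != record.callback_phone:
        d.reasons.append("invoice phone differs from number on file; do not call it")

    # Only a confirmation made to the number on file counts.
    confirmed = (inv.invoice_id, record.callback_phone) in confirmations
    if not confirmed:
        d.reasons.append(f"verbal confirmation at {record.callback_phone} required")
    if len(approvers) < 2:
        d.reasons.append("second approver required for changed payment instructions")
    if confirmed and len(approvers) >= 2:
        d.action = "pay"
        d.reasons.append("change verified out of band and dual-approved")
    return d


# Constructed sample data: a vendor on file and an invoice with the right amount
# but bank details and contact number replaced by an attacker.
MASTER = {"V-1001": VendorRecord("V-1001", "123456789", "000111222", "+1-860-555-0100")}
INVOICE = Invoice("INV-0731", "V-1001", 104150.00, "987654321", "555666777", "+1-202-555-0199")


def demo():
    # 1. Invoice as received: correct amount, altered bank details -> hold.
    first = review_invoice(INVOICE, MASTER, set(), {"ap_clerk"})
    # 2. Clerk "confirmed" by calling the number on the invoice -> still hold.
    second = review_invoice(INVOICE, MASTER, {("INV-0731", "+1-202-555-0199")},
                            {"ap_clerk", "finance_dir"})
    # 3. Callback to the number on file plus a second approver -> pay.
    third = review_invoice(INVOICE, MASTER, {("INV-0731", "+1-860-555-0100")},
                           {"ap_clerk", "finance_dir"})
    return first.action, second.action, third.action


if __name__ == "__main__":
    for label, d in zip(("received", "wrong callback", "verified"), (
        review_invoice(INVOICE, MASTER, set(), {"ap_clerk"}),
        review_invoice(INVOICE, MASTER, {("INV-0731", "+1-202-555-0199")}, {"a", "b"}),
        review_invoice(INVOICE, MASTER, {("INV-0731", "+1-860-555-0100")}, {"a", "b"}),
    )):
        print(label, d.action, d.reasons)
```

The check is deliberately keyed on the bank details and the callback number, not on who sent the invoice: in the incident the messages came from the vendor's genuine, compromised accounts, so sender-based checks would have passed.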
Instances like this highlight the importance of basic training for employees. Even small organizations can conduct cybersecurity awareness training that emphasizes recognizing social engineering attacks and the critical need to verify requests related to financial transactions. Because these invoices came from the vendor's own compromised accounts, that training should stress that a familiar sender is not proof of legitimacy; any change to payment instructions must be verified regardless of who appears to have sent it.
This scam was facilitated by the initial breach of the vendor's systems. The perpetrators gained access to the vendor's email accounts and company data, which let them learn about the project and the correct invoice amounts and send invoices that looked legitimate because they came from the real vendor. To mitigate such risks, organizations should enforce multi-factor authentication (MFA) on email and other accounts used by staff in financial and billing roles. This additional factor significantly reduces the likelihood of unauthorized access even if a password is compromised. MFA protects the account rather than the payment, so it complements, rather than replaces, verification of changed payment instructions.
A security assessment of third-party vendors by the town could have identified weaknesses in the vendor's systems and allowed the town to require remediation or reconsider the partnership before the breach occurred.
HALOCK is recognized in the 2024 Verizon Data Breach Investigations Report (DBIR) for its approach to estimating risk.
Estimate risk based on real threat data: read Appendix D of the 2024 Verizon Data Breach Investigations Report (DBIR) to augment your risk analysis.