Portland and Ottawa Victims of Wire Fraud
The City of Portland, Oregon announced on May 27th, 2022, that it had launched a cybersecurity investigation in relation to a fraudulent financial transaction of $1.4 million that took place in late April 2022. To date, city officials have determined that the unauthorized transaction was made using a compromised city email account. Though unrelated, a similar incident took place in Canada involving the City of Ottawa the same month. In this instance, the city reported a fraudulent transaction made on April 11 of $558,000 that was supposed to have been made to the local Salvation Army homeless shelter. The transaction was pulled off by the perpetrators shortly after they successfully compromised the Salvation Army’s systems. This is the second time that the city of Ottawa has fallen prey to this type of attack. In 2019, the city was scammed out of nearly $130,000 by a whaling scam (a type of email attack that targets high level executives or the C-suite) in which the city’s treasurer responded to an email sent from the city manager asking that a financial transaction be sent.
|IDENTIFY INDICATORS OF COMPROMISE (IOC)|
Portland officials became aware of the fraudulent transaction when the perpetrator attempted another transaction involving the same account on May 17th. In the Ottawa case, a city staff member noticed an irregularity with the payment made to the shelter and immediately contacted city leaders.
|CONTAINMENT (If IoCs are identified)|
Immediately after discovering the transaction discrepancy, the city of Ottawa took immediate legal action to recover the money lost in the fraud scheme. They contacted the local Ottawa police as well as the bank that handled the transaction. In addition, the Salvation Army has fully cooperated with the ongoing investigation. Thanks to the quick actions of Ottawa city managers, the city was able to recover nearly all the $558,000. While the money has been recovered, the investigation into how the criminals were able to successfully pull off the scam is still under investigation. The city of Portland has not yet recovered their lost funds. An investigation involving the FBI, the U.S. Secret Service and the Portland Police Bureau remains ongoing. The city is also conducting an internal review of all its security policies and protocols to identify weaknesses and ensure that this type of incident does not occur again.
Because wire fraud is so prevalent in this digital age, all organizations need to have policies and procedures in place to prevent these types of transaction scams.
Ensure your Incident Response Readiness (IRR) in the event of attack. Review your security and risk profile.