City payments intended for a vendor working at a new high school in a Massachusetts town were diverted to a foreign hacking group through a complicated email scheme that netted $445,945.73, the city manager announced. Arlington City Manager Jim Feeney wrote in a letter that the scheme began in September when city employees received legitimate emails about payment processing from the vendor, which was working on the Arlington High School project. Arlington. At the time, the city was unaware that certain employee email accounts were already compromised. Feeney did not identify the organization suspected of perpetrating the fraud, but said the group “is well-resourced and located overseas.” He said his scheme involved phishing, spoofing, social engineering and compromised email accounts. “They took the opportunity to impersonate the vendor with a genuine-looking email domain, requesting a change in their payment method from check to electronic funds transfer,” Feeney said. . “The scam was aided by the fabrication and subsequent deletion of emails from employees’ accounts, as well as the creation of inbox rules to manage and hide incoming messages.” Four monthly payments were transferred before the vendor contacted the city in February to report it had not received the expected amount. money. “It became immediately clear that we had been defrauded, so we alerted authorities and our banking institution, began a digital forensic investigation, hired a breach trainer, and instituted immediate response measures to protect our network,” Feeney said. The investigation determined that the city’s Microsoft-based systems were infiltrated between September 12 and January 30. “It was also discovered that there were other attempts to intercept electronic payments totaling approximately $5 million during this period. Fortunately, these attempts were unsuccessful,” Feeney said. So far, Feeney said the city’s banking partner has been able to recover only $3,308 and that the municipality has filed a claim with his insurer to “hopefully further compensate for the loss.” The Arlington High School Building Committee voted Tuesday to pay the vendor money it was owed using the project fund. Any payments that are recovered will be returned to the fund, Feeney said. “I want to emphasize that this loss does not negatively impact the completion of the high school construction project in any way,” she wrote. In the wake of cybercrime, Feeney said the city has instituted mandatory security training and changes to information technology protocols.
ARLINGTON, Massachusetts—
City payments intended for a vendor working at a new high school in a Massachusetts town were diverted to a foreign hacking group through a complicated email scheme that netted $445,945.73, the city manager announced.
Arlington City Manager Jim Feeney wrote in a letter that the scheme began in September when city employees received legitimate emails about payment processing from the vendor, which was working on the Arlington High School project. Arlington. At the time, the city was unaware that certain employee email accounts were already compromised.
Feeney did not identify the organization suspected of perpetrating the fraud, but said the group “is well-resourced and located overseas.” She said her scheme involved phishing, spoofing, social engineering and compromised email accounts.
“They took the opportunity to impersonate the vendor with a genuine-looking email domain, requesting a change in their payment method from check to electronic funds transfer,” Feeney said. “The scam was aided by the fabrication and subsequent deletion of emails from employees’ accounts, as well as the creation of inbox rules to manage and hide incoming messages.”
Four monthly payments were transferred before the seller contacted the city in February to report that he had not received the expected funds.
“It became immediately clear that we had been defrauded, so we alerted authorities and our banking institution, began a digital forensic investigation, hired a breach trainer, and instituted immediate response measures to protect our network,” Feeney said.
The investigation determined that the city’s Microsoft-based systems were infiltrated between September 12 and January 30.
“It was also discovered that there were other attempts to intercept electronic payments totaling approximately $5 million during this period. Fortunately, these attempts were unsuccessful,” Feeney said.
So far, Feeney said the city’s banking partner has been able to recover only $3,308 and the city has filed a claim with its insurer to “hopefully further compensate for the loss.”
The Arlington High School Building Committee voted Tuesday to pay the vendor money it was owed using the project fund. Any payments that are recovered will be returned to the fund, Feeney said.
“I want to emphasize that this loss does not negatively impact the completion of the high school building project in any way,” he wrote.
In the wake of cybercrime, Feeney said the city has instituted mandatory security training and changes to information technology protocols.
Keynote USA
For the Latest Local News, Follow Keynote USA Local on Twitter.