A business email compromise attack on the city of Griffin, GA, has resulted in two payments totaling $800,000 being made to accounts controlled by the scammers.
Business email compromise (BEC) attacks are scams in which the email account of a company is compromised and used to send a request to the finance department or a third party to make a fraudulent wire transfer payment. Access to the email is usually gained with a spear phishing email. Bank account details are supplied with the wire transfer request or bank account details of trusted suppliers are altered. This attack involved the latter.
The scammers impersonated a company called PF Moon, which provides water treatment services to the city and targeted finance department official Chuck Olmstead. Olmstead received an email that appeared to have been sent from PF Moon requesting a change to their bank account information.
Two payments were subsequently made to that account, the first on June 21, 2019 and the second on June 26, 2019. The first payment was for $581,180.51 and the second for $221,318.78.
The scam was uncovered when PF Moon contacted the city to find out what had happened to its expected payments. The investigation revealed slight differences between the genuine emails from PF Moon and the one requesting the account change.
The incident is being investigated by the FBI and efforts are being made to recover the funds. The city is confident the funds will be recovered, although they have not done so at the time of writing.
Griffin City Manager Kenny L. Smith suspects the attackers had previously gained access to PF Moon systems as they knew detailed information about the company’s relationship with the city, the projects it was working on, the invoice amounts being charged, and the total cost of the project.
The city has since implement new policies to prevent future attacks from succeeding, including multi-factor authentication for payment changes.