Cabarrus County Government Targeted in Social Engineering Scam (Jul 29, 2019)
The Cabarrus County government in North Carolina, US, has announced that it was caught in a social engineering scam. Pretending to be representatives of Branch and Associates, a contractor for the County, the actors sent emails to employees requesting banking changes. The scammers sent documents and contracts that appeared to come from the legitimate company, requesting $2.5 million, which Cabarrus County paid. After the legitimate Branch and Associates contacted Cabarrus County about missed payments, the County was alerted to the issue and contacted Bank of America, which froze $776,518 of the payment. However, the remaining $1.7 million has not been recovered as of this writing.
Recommendation: Employees and individuals should be educated on the risks of phishing, specifically how to identify such attempts and whom to report them to should such a discovery be made. If a representative claims to be from a bank or other trusted entity, it is best practice to avoid providing bank details. If the legitimacy of a request is in doubt, the company should be contacted directly to confirm before any financial information is sent.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.