Colorado Town Wires Over $1 Million To BEC Scammers (Jan 3, 2020)
The Colorado Town Erie has paid over one million dollars in a Business Email Compromise (BEC) scam. Using social engineering, the scammers contacted the Town requesting a change of payment from cheque to electronic transfer for the Erie Parkway Bridge. The town staff accepted the form and did not verify the authenticity of the submission with the construction company, wiring one million dollars to the account. The contact form has been removed from the town’s website, with the local police working with the FBI to investigate the incident, and attempt to recover funds.
Recommendation: It is crucial that your employees are aware of their institution's policies regarding electronic communication. While communications may appear legitimate, it is crucial for employees to verify with the sender, especially in the case of transferring large amounts of public funds, as seen in this case.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.