In April, a hacker duped Portland, Oregon, employees into wiring him $1.4 million.
According to Oregon Public Broadcasting, the thief used a business email compromise (BEC) plan to steal from a city employee.
Portland’s city administration lost $1.4 million in a cyber-related incident in May, without providing details. OPB stated Monday that city emails show the cybertheft was a BEC attack.
More From Us:Dark Mode on MacOS Screen
The hacker likely started the scheme by sending a phishing email to a City of Portland employee. The hacker then impersonated a Central City Concern official to collect $1.4 million in municipal financing.
The city’s treasurer suspected the $1.4 million wire payment was fake. The wire transfer account didn’t match Central City Concern’s bank account.
The city’s treasurer ordered that municipal personnel verify the nonprofit’s bank account information. Municipal workers choose to communicate via email. The employees spoke with a hacker impersonating the NGO. City workers transferred $1.4 million nonetheless.
The hacker finally detected the email vulnerability after attempting a second fraudulent wire transfer weeks later. IT revealed the hacked email account was accessed from Texas, Germany, and Nigeria, likely with a VPN.
Portland’s city government announced in June that it is seeking recovery for as much of the stolen money as possible through cybersecurity insurance and other ways.
The incident reminds us to call or meet the wire transfer receiver before sending money. FBI says BEC operations have stolen $43 billion from worldwide firms since 2016.