Light Dark
January 6, 2020 By David Bisson 2 min read

A Colorado town lost more than $1 million in a business email compromise (BEC) scam after mistakenly transferring the money to digital fraudsters.

According to the Denver Post, the town of Erie, Colorado, sent $1.01 million to malicious actors as a result of a BEC scam. The attack began back in mid-October when an unknown individual completed an electronic form on the town’s website. They used the form to request that SEMA Construction, Inc., a local construction company, begin receiving electronic payments instead of checks for its work on the Erie Parkway Bridge going forward.

A staff member subsequently accepted the form and updated the payment information without following the necessary guidelines for doing so. As a result, the town sent two electronic payments totaling $1.01 million to an account not authorized by SEMA. The perpetrators then used wire transfers to move that money outside of the country.

The staff person voluntarily resigned after the town had learned of the fraud. In the meantime, Erie officials used a transportation impact fund to pay SEMA via check while it awaits a pending insurance claim concerning the scam.

Just the Latest Successful BEC Scam

This attack is among other successful BEC scams that occurred in recent months. Back in July 2019, the Griffin Police Department revealed that the city of Griffin, Georgia, had sent more than $800,000 to an account under attackers’ control. In October, Nikkei revealed that an employee had transferred $29 million to a malicious individual pretending to be a management executive at the stock market index. Just a week after that, Ocala.com revealed that BEC scammers had defrauded the Floridian city of Ocala out of nearly three-quarters of a million dollars.

How to Defend Against Business Email Compromise

Security professionals can help their organizations defend against BEC scams by crafting an incident response plan that identifies the policies and procedures that team members should follow in the event of a security incident. Doing so will help speed up the incident response process should the organization fall victim to a BEC attack. Infosec personnel should balance this plan with security awareness training that educates employees about social engineering techniques, including emails that are designed to trick employees into sending funds to an attacker-controlled bank account.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from

July 26, 2024

test img

8 min read - What is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and…

July 26, 2024

img test

7 min read - test imgWhat is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature