In July 2018, the Washington D.C. government fell for an electronic mail cheat that led to wire transfers totaling approximately $700,000 being sent to a scammer’s account.
The scammer mimicked a seller used by the city and demanded unsettled bills for construction work be paid. The seller had been hired to work on a design and build the project on a permanent supportive lodging facility.
The electronic mails demanded the payment method be altered from check to bank transfer, and particulars of a Bank of America account was specified where the payments needed to be directed. Three separate payments were made adding up $690,912.75.
The account details provided were for an account managed by the scammer. By the time the cheat was exposed, the money had already been drawn from the account and might not be recovered. As per a Washington Post inquiry, the scammer had mimicked the company Winmar Construction.
The electronic mails were transmitted from a domain that had been listed by the scammer that imitated that of the construction company. The domain was same except two letters which had been transferred. The scammer then generated an electronic mail address using that domain which was utilized to request payment of the bills.
As per the Washington Post, before this cheat, the D.C. government was targeted with several phishing electronic mails, even though Mike Rupert, a representative for the city’s chief technology officer, said those phishing attacks were not fruitful and were not linked to the wire transfer cheat.
These cheats are usual. They frequently involve an electronic mail account compromise which lets the scammers identify sellers and get details of remaining payments. David Umansky, a spokesman for the city’s chief financial officer stated the Washington Post that the attacker had gotten the information required to pull off the scam from the seller’s system and that D.C. officers failed to identify the fake domain and electronic mail.
After noticing the fake wire transfers, the D.C. government got in touch with law enforcement and steps have been taken to trace the scammers. Extra safety controls have now been implemented to avoid similar cheats from succeeding in the future, including the requirement for extra confirmation to take place to verify the genuineness of any request to alter bank information or payment methods.
The U.S Treasury Division has now started an inquiry into the breach, as bank scam is a central offense. That inquiry is continuing.