During a news conference Wednesday afternoon, city officials revealed that cybercriminals pretending to be a vendor scammed the city's Accounts Receivable Department out of about $3 million for the streetcar project by using a phishing scam.
Dr. Mark Sutter, the city's chief financial officer, said the first ACH payment to the phony vendor was for about $300,000 and a second payment was for about $2.9 million.
Professor Luc Longpre with UTEP's Computer Science program has been teaching courses on cyber security for more than 20 years now. "As soon as you have some amount of money is some account, and you have a process to be able to spend that money somewhere and somebody cracked your system, then they'll take advantage of that process and take the money, it depends on how much money was in the account," he said.
Sutter said the city has recovered about half of that money. That means the rest is basically lost as it was cashed out by the bad guys and not recoverable.
Sutter also stated they don't think their systems were compromised at all, and added changing their system isn't necessary because the system wasn't hacked.
Right. A human was hacked with social engineering.
This could have been prevented with new-school security awareness training.