Phishing Scam with Fraudulent Invoice Costs City of Fresno Over $600,000



This simple invoice scam appears to be part of a much broader campaign targeting municipalities, posing as existing subcontractors.

The City of Fresno, CA recently admitted to being the victim of wire transfer fraud back in 2020. An invoice was emailed in, purporting to be from a contractor working on the construction of one of the city’s police stations. According to the local newspaper, the Fresno Bee (which obtained copies of the fraudulent email and invoice), the invoice looked correct, with only the bank details modified. Two payments totaling $613,737 were made and sent to a bank in Africa. The City of Fresno’s mayor said recently that the scam has been seen in multiple municipalities and is part of a larger effort to obtain as much money as possible.

The simplicity of this attack feels a bit brazen; it’s like walking into a hotel with nothing but a business card that says you’re CEO of a well-known company and talking your way into being given the Presidential Suite.

This fraud could have been easily stopped with simple policy and procedure: whenever banking details are changed, a phone call to verify the change, placed to a number taken from a known-good source (and not the one on the email or invoice), is all it takes. Additionally, it’s likely that if the email containing the invoice had been scrutinized, the recipient would have found other indicators that it was not real, including the sender’s email address.

This type of scrutiny is a given with employees who undergo continual Security Awareness Training, where they are taught to maintain a sense of vigilance and to scrutinize anything that looks out of the ordinary, which includes invoices with banking detail changes.


