A spear-phishing last month at Orange Park City Hall almost got away with $500,000 from the city's bank account. Fortunately it was caught in time so that a wire transfer that already had been made could be clawed back. Security measures have been installed to prevent future thefts, City Manager Jim Hanson said.
"Orange Park is a small community; $500,000 is a tremendous amount of money for us," Hanson said. "We were very worried about it."
Hanson said the FBI is investigating the case out of its Pittsburgh office, and no arrests have been made. That is highly unlikely as these cyberheists are normally pulled by Eastern European mafias. .
The heist occurred Feb. 13 when a spear-phishing email with a malicious attachment was sent to all city hall employees They were social engineered and thought they were being sent a file they needed to see.
Opening the attachment downloaded a trojan and keyboard logger onto the town network that allowed the attackers to find the information related to the the town's Wells Fargo bank account.
"What this particular virus did was to transmit various banking information to the people who created the virus," Hanson said.
$491,000 was wired from a general investment account under the town's name to an account at Deutsche Bank. Town hall staff was on the ball and found out what happened in half an hour and took quick action. The money was eventually transferred back in full into the Wells Fargo account.
"One lesson we've learned is that you need to educate your employees never to open an attachment on an email unless you're expecting it, even if you think you know who it's coming from," Hanson said. "It could easily be a virus."
We agree that stepping employees through effective security awareness training is a very good idea to prevent a cyberheist like this. Find out how affordable this is for your organization today.