Email Scam Costs Massachusetts Town $445,000

A recent cyberattack on Arlington, Massachusetts has cost the town almost half a million dollars. The incident involved a business email compromise in which threat actors orchestrated the attack using various malicious techniques.

On June 5, town manager Jim Feeney disclosed that Arlington, counting a population of nearly 46,000, had fallen victim to a cybercrime.

Business Email Compromise Scam Costs Town Roughly $445,000

“Through what is known as a business email compromise (BEC), perpetrators used phishing, spoofing, social engineering, and compromised email accounts to ultimately facilitate wire fraud totaling $445,945.73,” Feeney said in a document addressing the incident. “Most importantly, I want to assure the public that no sensitive or resident data was compromised.”

According to the letter, threat actors masqueraded as vendors working on the Arlington High School Building Project to breach the town’s email servers.

School Reconstruction Project Vendor Impersonated

The project perpetrators decided to piggyback is a legitimate, five-year reconstruction of a local secondary school to accommodate growing enrollment, which started in 2020.

Feeney’s statement revealed that threat actors were monitoring email correspondence after compromising several town employee user accounts. In September, town employees received legitimate emails from the vendor, addressing payment processing issues.

Threat Actors Impersonated Vendor After Monitoring Emails

Through email monitoring, threat actors exploited the situation by creating a rogue email domain that mimicked the legitimate vendor, impersonating the vendor convincingly. The perpetrators then requested a change in payment method from check to electronic funds transfer, which facilitated the incident and resulted in financial losses.

The town made four monthly payments—from October to January—assuming they were depositing into the vendor’s account. It wasn’t until February that the vendor alerted the town that it had not received the payments.

Investigation Revealed no Resident Data Was Compromised

Once the town discovered the scam, it notified law enforcement and its banking institution, and a digital forensics investigation was initiated.

Security experts found that further attempts were made to intercept wire payments during the four-month fraud, amounting to $5 million; fortunately, none were successful. Additionally, the investigation revealed that no sensitive or resident data had been compromised.

Staying One Step Ahead of Scammers

Due to its extensive features, advanced security software such as Bitdefender Ultimate Security offers robust protection against scam attempts and various cyber threats. It includes comprehensive scam detection modules and also deters viruses, worms, Trojans, ransomware, spyware, rootkits, zero-day exploits, and other intrusions.

Moreover, our AI-powered tool, Scamio, enhances your ability to counteract scamming attempts. It lets you verify the legitimacy of emails, text messages, or other online inquiries by analyzing texts, images, links, or QR codes. Scamio can be used for free on WhatsApp, Facebook Messenger, or any preferred web browser. Currently, Scamio serves users in France, Germany, Spain, Italy, Romania, Australia, and the UK.