Cybercriminals managed to divert $2.5 million in a business email compromise (BEC) scam targeting Cabarrus County, North Carolina. $1.7 million of that has not been recovered and remains missing.
The attack started at the end of November 2018, when employees of Cabarrus County Schools and Cabarrus County Government received emails pretending to be from Roanoke, Virginia-based Branch and Associates, Inc., the general contractor for construction of West Cabarrus High, a new school for the Cabarrus County Schools District.
Posing as representatives of Branch and Associates, the conspirators sent a series of emails requesting an update to bank account information. The attackers provided new banking information, seemingly valid documentation and signed approvals.
Next, the conspirators simply waited for Cabarrus County to make the next vendor payment, which was $2,504,601. As soon as the funds arrived in their account, the scammers started diverting them through multiple different accounts.
The scam was discovered on January 8, when Branch and Associates sent a courtesy notification of a missed payment. SunTrust, the bank from which the funds were transferred, and Bank of America, the bank to which funds were transferred, were notified.
While $776,518.40 of the funds remained in traceable accounts and were recovered, $1,728,082.60 of the total remains missing.
Authorities were also notified of the scam, and the investigation into the incident continues. Cabarrus County says that construction of the new high school has not been impacted.
Both the number and sophistication of socially engineered BEC scams have increased over the past several years, reports published by the FBI’s Internet Crime Complaint Center (IC3) earlier in 2019 show.
Losses associated with BEC scams in the U.S. reached $1.3 billion last year alone, and the number of received complaints also went up, the FBI revealed. Between October 2013 and May 2018, this type of fraud caused potential losses of more than $12 billion globally.
Earlier this year, Agari detailed a new type of BEC fraud, where scammers attempt to divert funds by adding fictional accounts to company payrolls. This allows attackers to siphon off smaller, but continuous, amounts of money.
The fight against BEC has intensified as well, with authorities worldwide joining forces to dismantle large networks of scammers.

