The town of Peterborough, N.H., was targeted in a business email compromise (BEC) scam that cost $2.3 million in losses, town officials reported today.
They learned of the attack on July 26, when it was discovered that ConVal School District had not received the $1.2 million monthly transfer from the town. An investigation revealed an email-based fraud. The Peterborough finance department ordered a stop to the transfer, but the funds had already left the town’s bank account.
IT department staff alerted the US Secret Service and cybersecurity consulting firm ATOM Group, and the US Secret Service Cyber Fraud Task Force began tracing the funds through transactions that converted them into cryptocurrency. Investigators found email exchanges between finance department employees and thieves posing as ConVal school district staff.
While this investigation was ongoing, the finance department learned of another scam: Two bank transfers meant to go to a contractor working on a town bridge project had also been fraudulently sent to cybercriminals. Peterborough officials notified the US Secret Service, ATOM Group, and its insurance provider.
“Investigations into these forged email exchanges showed that they originated overseas,” town officials wrote in a release. They note the attackers “took advantage of the transparent nature of public-sector work to identify the most valuable transactions” and focused on diverting those transfers. An investigation is still ongoing, though it seems the money is gone for good.
“We do not believe that the funds can be recovered by reversing the transactions, and we do not yet know if these losses will be covered by insurance,” they report.
Read the full release
for more details.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
