The Office of the Inspector General (OIG) has released a report revealing that Baltimore city was tricked out of hundreds of thousands of dollars last year by a cyber-criminal posing as a vendor.

After receiving information from Baltimore’s Bureau of Accounting and Payroll Services (BAPS) in regards to a suspected fraudulent Electronic Funds Transfer (EFT), the OIG launched the investigation that uncovered the scam.

Suspicions arose when a contractor received funds from the Mayor’s Office of Children and Family Success (MOCFS).

The fraudster, who falsely claimed to be associated with an employee from the vendor company, emailed BAPS and MOCFS twice asking to change the vendor’s EFT remittance information.

They then requested for the filed bank details to be updated to a separate bank account at a completely different financial institution.

“The OIG later determined that the email account associated with the Vendor Employee was compromised by a malicious actor, who established rules within the Vendor Employee’s email account as a result of a phishing attack,” noted inspector general Isabel Mercedes Cumming.

She added: “Therefore, the malicious actor was able to correspond directly with City employees without the Vendor’s knowledge.”

The post Baltimore tricked out of $375k appeared first on IT Security Guru.


You May Also Like

Salt Security brings API security to the channel

Salt Security, the API security company, has announced the global expansion of…

Research finds over 31,000 stolen credentials from the FTSE 100 on the Dark Web

Today, Outpost24 has released the results of its 2022 FTSE 100 Credential…