After falling for a BEC scam, Cabarrus County in North Carolina lost $1,728,082.60 after sending $2.5 million to scammers pretending to be contractors building the county's new high school.
BEC, or Business Email Compromise, fraud schemes are scams where crooks deceive employees of privately-held companies and public organizations into wiring money to entities they trust but whose bank accounts were changed to ones controlled by the criminals.
Cabarrus County fell for this type of scam when they received a phishing email stating that the bank account for Branch and Associates, the contractor building their new high school, had been changed and that the county should use it for future invoice payments.
After receiving documentation that looked legitimate, the county changed the banking information that they would send payments. The scammers then waited for the county to make their next vendor payment, which allowed them to steal $2,504,601.
"Legitimate requests to update bank account information are routine," stated the county's announcement. "In this case, the request to change Branch and Associates’ vendor banking information was made by conspirators. They provided County staff with new banking information, seemingly valid documentation and signed approvals. The conspirators then waited for the County to transfer the next vendor payment. After the funds were unknowingly deposited into the scammers’ account, they were diverted through multiple different accounts, the investigation revealed."
The county had not learned of their mistake until almost three weeks later when they received a phone call from a legitimate representative of Branch and Associates about a missing payment.
Banks could only recover $776,518.40
After learning that they made the payment to a fraudulent bank account, Cabarrus County notified their banks, who was able to recover a total of $776,518.40 of the stolen $2.5 million.
"The County notified SunTrust, the bank from which the funds were transferred, and followed their recommended procedures. Branch and Associates notified Bank of America, the bank to which funds were transferred, which froze $776,518.40 of the $2,504,601 that remained in traceable accounts. Cabarrus County also consulted with its insurance vendors."
Their insurance policy only covered $75,000 of the loss.
In order to pay their contractor's invoice, the county had to transfer $1,653,082.60 from county funds set aside for "extraordinary circumstances".
In an uncommon glimpse into local politics and BEC scams, a video of the Cabarrus County officials explaining what happened to the funds can be watched below.
The FBI have been notified and are handling the case.
BEC scams are out of control
Cabarrus County is not alone as just last month the City of Griffin, Georgia fell victim to a BEC scam that lost them close to $800,000 after targeted by scammers pretending to be their water treatment facility.
BEC scams are out of hand and local counties and cities are prime targets for scammers who know that government projects and the contractors fulfilling them are public information and readily available.
They can then use this information to impersonate vendors in order to convince a city or county to update the payment banking information with accounts under the attacker's control.
The Financial Crimes Enforcement Network (FinCEN) recently released a report stating that BEC SAR filings (suspicious activity reports) increased from an average of $110 million per month in 2016 to $301 million dollars per month in 2018.
In order to avoid BEC scams, entities need to create strict vendor processes that authenticate any changes through multiples processes. This includes face-to-face meetings and direct phone calls when making any payment changes.
Simply relying on email is no longer enough as those emails may be coming from anywhere in the world.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now