$1.7 million still missing after North Carolina county hit by business email compromise scam

Graham CLULEY

July 31, 2019

Officials of a North Carolina county placed money intended for the construction of a brand new high school into a bank account controlled by scammers.

Cabarrus County in North Carolina, home to NASCAR races at the Charlotte speedway, was duped into believing it was paying a contractor when it moved US $2.5 million into the pockets of online criminals.

According to a notice published on the Cabarrus County government’s website, problems began in November 2018 when Cabarrus County Schools received an email claiming to come from Virginia-based Branch and Associates, which was working on the construction of West Cabarrus High, a new school for the district.

The email claimed that Branch and Associates had changed their bank account details, and requested that future payments on the school construction project were sent to the new account.

To its credit, Cabarrus County says that its staff followed the correct processes – requesting that forms and documentation (including an electronic funds transfer (EFT) form signed by the bank) were submitted to make the change.

One week later, Cabarrus County received the documentation from the criminals, and saw nothing to raise any concerns.

Then, on December 21 2018, Cabarrus County electronically transferred $2,504,601 into what they believed was Branch and Associates’ bank account. What an early Christmas present that must have been for the scammers.

It wasn’t until January 8 2019 that anyone realised that something was wrong. A genuine representative of Branch and Associates contacted Cabarrus County enquiring about a missing payment.

Soon afterwards, the bank and law enforcement were informed, as were the county’s insurers, and an investigation determined that Cabarrus County’s computer systems had not been hacked or compromised, but instead a socially engineered business email compromise scam had been successfully pulled off using a bogus email address.

In response Cabarrus County halted all future payments via electronic transfer until account details could be verified. This process, alongside a redesign of the county’s vendor system, took three months.

And although some of the funds were recovered by the Bank of America, some $1.7 million remains missing.

In the video below you can watch the county’s board of commissioners approve the transfer of $1,653,082.60 from its emergency fund to allow work to continue on the school’s construction without further disruption.

Sadly for Cabarrus County, their insurance policy has only covered $75,000 of the loss.

Business email compromise scammers have been stealing large amounts of money from organisations engaged in construction projects in recent years, by posing as companies providing services. Earlier this year, for instance, a church in Brunswick, Ohio, was duped into wiring $1.75 million into an account controlled by criminals.

All organisations need to learn to be exceptionally cautious whenever one of their suppliers says that their bank account details are changing – it may be another scammer trying to make a quick and easy fortune.
