UPDATED 21:13 EDT / FEBRUARY 13 2020


Puerto Rico government loses $2.6M in phishing scam

The government of Puerto Rico has lost $2.6 million after falling for an email phishing scam.

According to an Associated Press report Wednesday, the scam targeted the government-owned Industrial Development Co. Those behind the attack tricked the company into making several payments to a fraudulent account.

The government did not provide details, but it’s believed that the attack started with a phishing campaign that gave the attackers access to a legitimate employee account. They then posed as the employee and sent emails to various government agencies saying that bank account details had changed.

The Industrial Development Co. was not the only target. The island’s Tourism Co. was also targeted. The attack came to light only when a finance worker at Puerto Rico’s Employee Retirement System called agencies to say that she had not received any payments.

“Sadly, state and local government agencies are common targets for phishing attacks,” Greg Wendt, executive director at enterprise resource planning data security firm Appsian Inc., told SiliconANGLE. “To reduce the risk of becoming a victim to further phishing emails, government agencies must implement an adaptive security strategy that provides dynamic user access control to highly sensitive data such as financials.”

That means identifying and restricting access from users coming from unknown networks or foreign countries. “An adaptive strategy should be applied to multifactor authentication, as the government will be able to significantly enhance their security with additional user authentication requirements – both at login and fine-grained, inside the application,” he said.

Peter Goldstein, chief technology officer and co-founder of business email compromise security firm Valimail Inc., noted that contrary to popular belief, phishing emails are not always easy to identify.

“They do not always contain obvious typos, broken English or clearly come from unknown senders,” he said. “Cybercriminals have become adept at crafting emails that are difficult to discern from legit messages that recipients receive daily, and even though many organizations invest in employee email security training to prevent these kinds of attacks, attackers continue to find success often through impersonation.”

The U.S. Federal Bureau of Investigation is said to be investigating how the funds were stolen, and Puerto Rico legislators are also demanding a probe.

