The Alaskan city of Unalaska has recovered approximately $2.3 million after digital fraudsters targeted it with a phishing attack.
Erin Reinders, city manager of Unalaska, revealed that the municipality had recovered $2,347,544.43 on 22 August. That amount constituted a large part of the $2,985,406.10 total which the City had sent to scammers. Per Reinders’ comments, government officials should be able to recover the remaining $637,861.67 via its insurance policy.
Unalaska processed these payments after receiving a phishing email in which digital attackers masqueraded as a known vendor for the city. In their email, the bad actors instructed the municipality to send payments for legitimate invoices to a bank account under their control. The city subsequently complied by sending approximately $3 million to the account between 15 May and 9 July.
When government officials realized what had happened, they ceased sending over the payments and immediately contacted the FBI. FBI Special Agent Steve Forrest explained that Unalaska’s quick response made it possible for agents to recover the $2.3 million. As quoted by Anchorage Daily News:
In the case of Unalaska, we were able to recover funds and prevent any future loss thanks to the timely and thorough response from the city administration. We are continuing to investigate this case in an effort to identify the perpetrators.
Reinders did not identify the vendor whom the attackers impersonated but did clarify that the City had compensated the company for the total amount owed after detecting the attack.
Unfortunately, Unalaska isn’t the only city that’s suffered a phishing attack recently. In June 2019, for instance, Riviera Beach paid bad actors approximately $600,000 in ransom to recover its information after it fell victim to a ransomware attack that began with a phishing email. Just a few months later, the City of Naples in Florida lost $700,000 as the result of a spear-phishing attack, reported Naples News.
These attacks underscore the importance of local and state governments taking precautions against the rising threat of phishing. One of the most important things they can do is create a security awareness training program designed to educate all employees about phishing attacks and other digital threats. This resource is a good place to start.