BALTIMORE (WJZ) – The city of Baltimore was the victim of a scam scheme last year when it sent more than $375,000 to a hacker posing as a supplier with a contract with the city, according to a new report from the Office of the Attorney General. inspect.
The company received monthly payments from the Mayor’s Office of Child and Family Success. According to the report, the office and the Department of Accounting and Payroll Services of the Ministry of Finance were contacted twice via email about changing banking information for payments.
However, the supplier’s email account was “infiltrated by a malicious actor,” allowing a hacker to correspond with city employees without the company’s knowledge, the report said.
On December 22, 2020, the city attempted to send an Electronic Transfer payment to the company, a day after the supplier’s account information was transferred from one bank to another, reporting report said.
The bank at the end of the transfer flagged the transaction as fraudulent and returned the funds.
On January 5, 2021, the hacker made another request to transfer the account to a third bank, providing a letter and check voiding the vendor’s name. Someone claiming to be the supplier’s chief financial officer also called the Treasury Department to discuss the change, the report said.
Two days later, the city sent a payment of $376,213.10, the report said.
The provider has not yet received full payment from the city but received $50,000 from their insurance company for a loss fraud claim.
The hacker’s account was frozen and the balance of $38,730.15 was transferred to a separate account, the bank said.
According to the Office of the Inspector General, at the time of the phishing attack, employees in the Accounting and Payroll Services Department did not have an authorized sign list for suppliers and had to resort to department heads. other city departments for that information. .
And the office did not independently verify the account change request following a purported call from the chief financial officer, the report said.
In a response letter, Treasury Director Henry Raymond said the office “immediately reinforced internal protocols” and continued to review its policies.
https://baltimore.cbslocal.com/2022/02/15/oig-report-city-victim-375k-phishing-attack/ City Victim of $375K Scam Attack – CBS Baltimore