Fake Invoices Used by BEC Scammers to Defraud Griffin City, Georgia of Over US$800,000

The government of the City of Griffin, Georgia, lost over US$800,000 to a business email compromise (BEC) scam last month. Rerouting the stolen amounts in two separate transactions to fraudulent bank account, the BEC operators managed to trick the city officials by posing as P.F. Moon, a vendor the city has worked with for years.

[Read: Integrating machine learning in security solutions helps spot BEC scams]

Legitimate-looking invoices used as part of the scam

Griffin’s police department shared that the city’s financial department received emails purportedly from P.F. Moon, the vendor they contracted for water treatment facilities. One of the supposed emails from the vendor was a request to change bank account information, which the recipient did not find suspicious. Notably, the BEC operators also used electronic invoices that contained correct information regarding the project done with the vendor and the cost, making the email appear credible to the recipient.

In the first transaction on June 21, US$581,180.51 was rerouted to the fraudulent account, while US$221,318.78 was rerouted in the second transaction on June 26. The fraud was discovered the same day as the second transaction, when P.F. Moon contacted the finance department inquiring about the city government’s payment for its services. This inquiry eventually led to the city government discovering that the email address used in the email exchanges was a spoofed one.

P.F. Moon's system possibly hacked — city manager

According to Griffin’s City Manager Kenny Smith, he and other local officials suspect that P.F. Moon’s system had been hacked by the operators, citing the latter’s use of specific pieces of information in the invoices.

“We feel like for them to know all that information, someone had to have gotten into the vendor’s system, so I guess that’s what needs to be investigated by authorities — how they got ahold of that information in order to send the fraudulent invoices,” Smith added.

[Read: Notable BEC schemes and trends that you need to know]

Security recommendations

BEC operators are relentless in their quest to defraud as many organizations as they can. In 2018 alone, the Federal Bureau of Investigation (FBI) received 20,373 BEC/email account compromise (EAC) complaints, racking up a total of over US$1.2 billion in adjusted losses.

Organizations must inform their employees of ways to avoid falling for BEC scams. Aside from providing guidelines on dealing with financial and business emails, organizations should ensure employees to verify any change to vendor payment accounts and confirm fund transfer requests using phone verification as part of two-factor authentication.

Organizations can also consider adopting security solutions that are infused with innovative technologies such as Writing Style DNA. Used by Trend Micro™ Cloud App Security™ and ScanMail™ Suite for Microsoft® Exchange™ solutions, Writing Style DNA helps detect email impersonation tactics used in BEC and similar scams. It uses artificial intelligence (AI) to recognize the DNA of a user’s writing style based on past emails. The technology verifies the legitimacy of the email content’s writing style through a machine learning model that contains the legitimate email sender’s writing characteristics.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.