City of Naples loses $700,000 in a spear phishing attack.

On August 6, 2019, Charles Chapman, city manager of Naplesm announced that the city fell victim to a spear phishing attack—a phishing attack that uses email spoofing to fool victims. The attackers managed to scam the city out of a whopping $700,000.

What happened

On June 24, an email was sent on behalf of the Wright Construction Group, the vendor for an ongoing street renovation project in Naples. The attacker posed as the vendor and requested a change in bank account information. The employees at City Hall transferred the amount to the attacker’s account on July 11. However, on August 1, they became aware that they had transferred funds to a fake bank account belonging to the attacker. 

“It is important to note the process of any invoicing is a multi-layered process of checks and balances,” Chapman said. "The change of bank account procedure also has checks and balances, but is a separate process from the invoice payment system. The city’s data systems are safe and secure. This attack was not malware or ransomware, no data breach occurred."

The city has notified local law authorities and the FBI about the attack, who in turn have launched a criminal investigation. Apart from that, it's also improving training methods to educate employees on identifying and avoiding such phishing attacks.

It's crucial that your organization is protected against email threats. A smart tool like Exchange Reporter Plus from ManageEngine enables organizations to stay ahead of attackers by monitoring for and thwarting cybersecurity threats. Download a free, 60-day trial of Exchange Reporter Plus today.