Back to Email phishing

Email phishing

City of Naples loses $700,000 in a spear phishing attack.

On August 6, 2019, Charles Chapman, city manager of Naplesm announced that the city fell victim to a spear phishing attack—a phishing attack that uses email spoofing to fool victims. The attackers managed to scam the city out of a whopping $700,000.

What happened

On June 24, an email was sent on behalf of the Wright Construction Group, the vendor for an ongoing street renovation project in Naples. The attacker posed as the vendor and requested a change in bank account information. The employees at City Hall transferred the amount to the attacker’s account on July 11. However, on August 1, they became aware that they had transferred funds to a fake bank account belonging to the attacker. 

“It is important to note the process of any invoicing is a multi-layered process of checks and balances,” Chapman said. "The change of bank account procedure also has checks and balances, but is a separate process from the invoice payment system. The city’s data systems are safe and secure. This attack was not malware or ransomware, no data breach occurred."

The city has notified local law authorities and the FBI about the attack, who in turn have launched a criminal investigation. Apart from that, it's also improving training methods to educate employees on identifying and avoiding such phishing attacks.

It's crucial that your organization is protected against email threats. A smart tool like Exchange Reporter Plus from ManageEngine enables organizations to stay ahead of attackers by monitoring for and thwarting cybersecurity threats. Download a free, 60-day trial of Exchange Reporter Plus today.

How ManageEngine can help.

Exchange Reporter Plus provides a host of reports that help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Often the content and sender of malicious emails come across as valid, tricking users into clicking on them and causing serious damage to the business. With Exchange Reporter Plus, it's easy to set up filters to look out for malicious attachments—whether they're TXT, PPT, or BAT files.

Get started now with your free, 60-day trial of Exchange Reporter Plus.

Share:

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.