The Post and Courier reported:
Cyberattack tricks Upstate county into paying over $1.5M in fake invoices
The cyberattack dates back almost three months to Dec. 15 when the suit alleges unknown scammers — listed in the legal filings as John and Jane Doe — first reached out to the county posing as a contractor submitting an invoice for payment.
The payment request came from an email account similar to longtime South Carolina contracting firm Mashburn Construction Co. Inc. The company’s work for the county includes the penny sales tax-funded Laurens County Historic Courthouse project.
A fake invoice featuring a fraudulent logo provided a company mailing address along with deposit information for a Wells Fargo bank account.
The cyberattack dates back almost three months to Dec. 15 when the suit alleges unknown scammers — listed in the legal filings as John and Jane Doe — first reached out to the county posing as a contractor submitting an invoice for payment.
The payment request came from an email account similar to longtime South Carolina contracting firm Mashburn Construction Co. Inc. The company’s work for the county includes the penny sales tax-funded Laurens County Historic Courthouse project.
A fake invoice featuring a fraudulent logo provided a company mailing address along with deposit information for a Wells Fargo bank account.
Find the original article here.
Takeaway: Never change remittance information based on an invoice, which can be a fake. Have a separate process for remittance changes that includes controls, validations, authentication and best practices.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Takeaway: Never change remittance information based on an invoice, which can be a fake. Have a separate process for remittance changes that includes controls, validations, authentication and best practices.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat