Baltimore city was tricked out of hundreds of thousands of dollars by a cyber criminal

Risk to Business: 1.251=Extreme

Buckle up because this is a saga. A report just released by the Office of the Inspector General (OIG) details a business email compromise disaster that ended up costing the city of Baltimore more than $375,000. In this incident, bad actors managed to change the bank details kept on file for a vendor who had an agreement with Baltimore’s Mayor’s Office of Children and Family Success (MOCFS). The cybercriminals contacted both MOCFS and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) asking to have the vendor’s banking information updated to send payments to a different bank account at another financial institution. BAPS ultimately complied with the fraudster’s change request, then began sending electronic payments to the new address. You know how this one ends up. Ultimately, cybercriminals made off with $376,213.10. The vendor was not named, but the report noted that cybercriminals had gained access to the vendor’s email accounts through a phishing attack.