Recession-Ravaged Puerto Rican Government Duped By Phishing; Transfers Millions To Cybercriminals
The Puerto Rican government has released details of a recent email phishing scam that resulted in cybercriminals walking away with a payday in the millions, at a time where the US Territory is facing a near recession.
The country’s finance director, Ruben Rivera has issued a report to the police earlier this week, stating that his agency had sent $3.8 million to a fraudulent account after a successful email phishing attack on staff members.
Rivera confirmed that the agency transferred the funds on January 17th, after it had received an email requesting a change of bank account details attached to remittance payments, the police statement reads.
Manuel Laboy, executive director of the government agency told the media that officials first learned of the fraudulent account earlier this week, and alerted relevant authorities, including the FBI straight after. “This is a very serious situation, extremely serious,” Laboy said, adding that “we want it to be investigated until the last consequences.”
Laboy failed to release details as to exactly how the agency was duped, but did confirm that an internal investigation was already underway to determine whether there was a failure to meet the agency’s policies. “I cannot speculate about how these things might happen,” he said.
Puerto Rico’s economy has been in a thirteen-year-long recession period, so news of a governmental brand being fooled by cybercriminals is sure to enrage citizens.
However, a report from Infosecurity Magazine states that “the money was transferred by an unsuspecting employee of Puerto Rico’s Industrial Development Company, a government-owned corporation whose mission is to work with local and foreign investors to drive economic development on the island.”
“The email falsely claimed that the existing bank account used for remittance payments should no longer be used for this purpose and informed the agency that the money should be sent to a new bank account. It was this new account that turned out to be fraudulent and in the control fo cybercriminals.”
According to a report issued by the FBI last week, email phishing scams were the top complaint reported authorities, suggesting that despite awareness and education surrounding fraudulent emails, they remain an effective means of income for cybercriminals.