An official in Griffin, Georgia’s finance department wired more than $800,000 to scammers, following instructions he believed had been emailed from a water treatment company the city uses.
The employee made two payments, dated June 21 and June 26. Shortly after the second payment, the city was contacted by its water treatment vendor, P.F. Moon, asking why it hadn’t paid its bill, according to The Grip, a local news outlet that first reported news of the incident on Wednesday. Upon closer examination, Griffin officials discovered the email address that had provided banking details for the transfer was slightly different than the usual address used for correspondence with the company, which city manager Kenny Smith said dates back years.
“Whoever fraudulently sent that invoice knew that we did business with that company, knew the project done by this company and the cost of that project,” Smith told The Grip.
A city spokesperson confirmed the incident to StateScoop but said due to an ongoing investigation she could not comment further. The city has not yet recovered any of the funds, but the FBI is investigating the incident, according to WXIA, a local NBC affiliate.
Smith said in a statement that his city, an Atlanta suburb of 22,000 people, “has the highest degree of firewall protection and constantly trains employees on the latest methods that hackers use, however the criminals seem to always be one step ahead.”
He said the scammers likely got the information they needed by infiltrating P.F. Moon’s computer systems. Patrick Kelley, a cybersecurity researcher with Critical Path Security, told WXIA he was able to find working credentials for the water treatment company’s system online within several minutes.
The city reportedly has insurance, but it’s unclear whether it would cover such an incident, which the security community calls an email account compromise or business email compromise. This type of scam, which sometimes involves requesting the purchase of gift cards, netted its backers $1.2 billion last year, according to the FBI’s 2018 IC3 report.