Officials in Harris County, Texas — the county surrounding Houston — are calling for greater cybersecurity defenses after a failed phishing attack nearly cost the county $888,000.
The Houston Chronicle reported Thursday that on Sept. 21 an email from someone pretending to be an unpaid contractor tricked the Harris County Auditor’s Office into sending the funds. Once the office realized the request was fraudulent, the county canceled the payment a day after the transaction was made on Oct. 13, but now concern has arisen that the incident may reflect a lack of cybersecurity protection and training in the county — which is the third largest in the nation.
Alan Rosen, the constable of Harris County’s Precinct 1 said that his police officers have thoroughly investigated the incident and have passed it onto the FBI for further analysis. The Houston Chronicle reports that the perpetrator is part of a group that “has attempted to extort local governments around the world,” but neither the group nor its country of origin have been publicly identified by law enforcement.
Rosen said his team is working with the FBI because the attack is one of many by the group in the United States to cheat county and city governments. Yet beyond its collaboration with federal law enforcement the county is also upgrading its payment procedures and considering tighter cybersecurity defenses.
Harris County Auditor Michael Post has already created a five-person team to review the roughly 10,000 outgoing payments each month — worth $141 million — but the county is also looking at how it can increase digital security.
Orlando Sanchez, the Harris County treasurer, is recommending a full analysis of the county’s vulnerabilities. Sanchez has proposed that Briggs and Veselk, a forensic financial investigation firm, be hired to conduct the review. This proposal will be reviewed by the Harris County Commissioners Court on Jan. 30.