The City of Ocala in Florida is the last victim in order of time of a profitable business email compromise scam (BEC) attack, fraudsters redirected over $742,000 to a bank account under their control.
Attackers’ emails posed as an employee of a construction company, Ausley Construction, that is providing its services to the city for the building of a new terminal at the Ocala International Airport.
The BEC attack took place in September, when fraudsters sent an email to a city senior accounting specialist informing him to send future payments to a new bank account.
Clearly, the attackers had a deep knowledge of the targeted organization and such kind of attack implies a long preparation during which fraudsters collect as much information possible related to the victims.
Impersonating vendors or clients is the latest trend observed in BEC scams, and requires a lot of preparation to create a message the victim will take for genuine. This phase involves social engineering techniques, OSING, and also malware.
“In the case of Ocala, the criminals gave the city employee a routing number and a bank account number along with a copy of a voided check.” reported BleepingComputer.
Fraudsters used a messages sent from a fake address of the company, “ausleyconstructions.com” instead of the legitimate ” ausleyconstruction.com/ ” domain.
On October 22, Ausley Construction sent a payment reminder to the Ocala city because an invoice submitted five days earlier had not been paid, then the officers at the city discovered that the money was transferred to crooks’
In September, Toyota Boshoku Corporation announced that one of its European subsidiaries lost more than $37 million due to a business email compromise (BEC) attack.
(SecurityAffairs – BEC, Ocala City)