Erie, Colorado, a small town just outside of Denver, was hit with a business email compromise (BEC) scam in the fall of 2019. The town had a contract with SEMA Construction for construction of the Erie Parkway Bridge. Since this was public knowledge, the scammers used an online form located on Erie’s website and sent it as if they were someone from SEMA who was requesting a payment information change. In this case, Erie’s staff did check the form for basic accuracy, however, they did not verify this request with SEMA directly and ended up changing the payment information. A payment of $1.01 million that was scheduled to go to SEMA on October 25th, 2019 was instead sent to the accounts of those that were behind the scam. After the incident was noticed on November 5th, 2019, Erie removed the contact form that the scammers used from the town’s website as well as temporarily discontinued electronic payments. Law enforcement officials are working alongside The Town of Erie staff to investigate the incident.
Analyst Notes
BEC scams are a lucrative method for criminals who are looking to make a quick but heavy profit. Cities and schools should be especially careful when completing large construction projects since they are typically publicly announced, and scammers know that large wire transactions are made to complete the projects. Any time an email is received requesting any type of money or account information transfer it should be verified. This can be done by calling a reputable contact from the company that is being worked with.
Source: https://www.bleepingcomputer.com/news/security/colorado-town-wires-over-1-million-to-bec-scammers/
