The Midcoast Regional Redevelopment Authority nearly lost $125,000 to cyber-criminals this week after they attempted to initiate a fraudulent bank transfer. The attackers gained access to email accounts belonging to Midcoast through the use of compromised login credentials and sent an email from an employee of Midcoast to the organization’s primary financial institution requesting that the funds be transferred to an outside account. Luckily for Midcoast, they had put safeguards in place with their financial institution to require a verification email from Midcoast’s Executive Director as well as a follow-up phone call with the Executive Director before a transfer will be initiated. No details have been released at this time of how many accounts were compromised.
Analyst Notes
It is likely that an employee of Midcoast had reused their login credentials, or similar ones, on a website which had been compromised. At that point, all that would be required on the attacker’s part would be to test the credentials and some reconnaissance work in order to know which financial institution to target–which would have been easy work if the compromised account had ties to Midcoast’s finances in any way. Midcoast has since forced a password change on all employee accounts, but this highlights the need for good password security and good password management, as well as due diligence in order to know when employee credentials have been posted publicly.
