https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/
Exploit: Business Email Compromise
The City of Baltimore: Municipality
Risk to Business: 1.251=Extreme
Buckle up because this is a saga. A report just released by the Office of the Inspector General (OIG) details a business email compromise disaster that ended up costing the city of Baltimore more than $375,000. In this incident, bad actors managed to change the bank details kept on file for a vendor who had an agreement with Baltimore’s Mayor’s Office of Children and Family Success (MOCFS). The cybercriminals contacted both MOCFS and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) asking to have the vendor’s banking information updated to send payments to a different bank account at another financial institution. BAPS ultimately complied with the fraudster’s change request, then began sending electronic payments to the new address. You know how this one ends up. Ultimately, cybercriminals made off with $376,213.10. The vendor was not named, but the report noted that cybercriminals had gained access to the vendor’s email accounts through a phishing attack.
Individual Impact:
No information about consumer/employee PII, PHI or financial data exposure was available at press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Business email compromise is the most dangerous cybercrime according to FBI IC3, 64x worse than ransomware. This is why.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.