Ocala City in Florida lost $742,000 following BEC attack

Business email compromise scam (BEC) continues to target organizations worldwide, crooks stole $742,000 from Ocala City in Florida.

The City of Ocala in Florida is the last victim in order of time of a profitable business email compromise scam (BEC) attack, fraudsters redirected over $742,000 to a bank account under their control.

Attackers’ emails posed as an employee of a construction company, Ausley Construction, that is providing its services to the city for the building of a new terminal at the Ocala International Airport.

The BEC attack took place in September, when fraudsters sent an email to a city senior accounting specialist informing him to send future payments to a new bank account.

Clearly, the attackers had a deep knowledge of the targeted organization and such kind of attack implies a long preparation during which fraudsters collect as much information possible related to the victims.

Impersonating vendors or clients is the latest trend observed in BEC scams, and requires a lot of preparation to create a message the victim will take for genuine. This phase involves social engineering techniques, OSING, and also malware.

“In the case of Ocala, the criminals gave the city employee a routing number and a bank account number along with a copy of a voided check.” reported BleepingComputer.

Fraudsters used a messages sent from a fake address of the company, “ausleyconstructions.com” instead of the legitimate ” ausleyconstruction.com/ ” domain.

On October 22, Ausley Construction sent a payment reminder to the Ocala city because an invoice submitted five days earlier had not been paid, then the officers at the city discovered that the money was transferred to crooks’ banking account. In August, the city of Naples, Florida, was a victim of a BEC attack and fraudsters redirected around $700,000 into their account.

In September, Toyota Boshoku Corporation announced that one of its European subsidiaries lost more than $37 million due to a business email compromise (BEC) attack.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – BEC, Ocala City)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.