Another incident in the annals of successful spear-phishing:
- Scammer pretended to be a construction contractor working with the city and sent an email.
- While the email was phony, the underlying invoice was legitimate
The city of Ocala has become the latest victim of a ‘spear-phishing attack’. The officials have revealed that the city has lost a little over $500,000 after sending a payment to a fraudulent bank account.
- According to Ocala.com, the incident occurred when a scammer sent a phishing email to a city department.
- The scammer pretended to be a construction contractor working with the city and sent an email, requesting payment for services via electronic transfer.
- While the email was phony, the underlying invoice was legitimate – which was enough to trick an employee.
- The employee mistook the email to be legitimate and inadvertently transferred $640,000 to a fraudulent bank account set up by the scammer
And the tipoff?
Ocala Mayor Kent Guinn revealed that the email address used in the attack included an extra letter that is not part of the legitimate contractor’s email.