The Alaskan city of Unalaska has recovered approximately $2.3 million after digital fraudsters targeted it with a phishing attack.

Cybersecurity Live - Boston

Erin Reinders, city manager of Unalaska, revealed that the municipality had recovered $2,347,544.43 on 22 August. That amount constituted a large part of the $2,985,406.10 total which the City had sent to scammers. Per Reinders’ comments, government officials should be able to recover the remaining $637,861.67 via its insurance policy.

Unalaska processed these payments after receiving a phishing email in which digital attackers masqueraded as a known vendor for the city. In their email, the bad actors instructed the municipality to send payments for legitimate invoices to a bank account under their control. The city subsequently complied by sending approximately $3 million to the account between 15 May and 9 July.

When government officials realized what had happened, they ceased sending over the payments and immediately contacted the FBI. FBI Special Agent Steve Forrest explained that Unalaska’s quick response made it possible for agents to recover the $2.3 million. As quoted by Anchorage Daily News:

In the case of Unalaska, we were able to recover funds and prevent any future loss thanks to the timely and thorough response from the city administration. We are continuing to investigate this case in an effort to identify the perpetrators.

Reinders did not identify the vendor whom the attackers impersonated but did clarify that the City had compensated the company for the total amount owed after detecting the attack.

Unfortunately, Unalaska isn’t the only city that’s suffered a phishing attack recently. In June 2019, for instance, Riviera Beach paid bad actors approximately $600,000 in ransom to recover its information after it fell victim to a ransomware attack that began with a phishing email. Just a few months later, the (Read more...)