Harris County, Texas fell victim to a phishing scam after the area suffered substantial damage from hurricane Harvey. Perpetrators were able to launder away $900,000 in the name of reparation costs.
Phishing scams have been around for decades. They are one of the oldest tricks in the book for hackers to steal money from unsuspecting and unaware victims. The usual success rate of hackers depends on the lack of awareness or knowledge on behalf of the victims. However, hackers are adding newer and meaner attack vectors to their arsenal. In the case of the Harris County phishing scam, they stole $900,000 by playing on people’s loss and helplessness.
30% of Harris County, Texas got submerged due to hurricane Harvey on September 21, 2017. While the local government was trying its best to help those affected and let them put the incident behind, they were slapped with another problem. The auditor’s office received an email from a person named Fiona Chambers, apparently an accountant with D&W Contractors, Inc., asking him to transfer $880,000 to a bank account as per their contract. The auditor didn’t check the legitimacy of the email since D&W Contractors, Inc. happened to be an actual firm which was indeed working to help the County government with repairs on that day. Little did he know that it would come back to haunt him.
It didn’t take them more than 24 hours to realize that something was terribly wrong. When the County government found that there was no one by the name of Fiona Chambers with D&W Contractors, Inc., the first alarm bells rung. When they discovered that the bank account in question did not belong to D&W Contractors, Inc., their worst fears were confirmed. The County had fallen prey to a vicious phishing scam where the perpetrators stole $900,000 from an area deeply affected by a natural calamity. As FBI investigations continue, the County has stated that it will boost its cybersecurity and do everything possible to put this incident behind and learn from it.
As for the people behind the phishing scam, the FBI suspects a group famous for attacking local governments in a similar fashion all over the world. Another similar case took place in June 2017. This time, it was Supreme Court judge Lori Sattler who was attacked. She was on the lookout to sell her apartment when she received an email from a real estate lawyer asking her to transfer $1 million to a bank account. Judge Sattler did so, not suspecting that it could be a fake due to the timing of the mail. But once she transferred the amount, she found out that the money was transferred to a bank in China.
These incidents show that hackers are getting better at tricking people with phishing scams. It’s getting harder to identify fake emails since they come from people who know the current events in your life and use that information to hide their true identity. The only way to keep yourself safe from these attacks is to never download attachments or click on links in emails and always check with the source of the email whether it is a legitimate email or not.