The government of Puerto Rico has publicly announced that its Industrial Development Company has fallen victim to an email phishing scam.
The government-owned corporation transferred $2.6 million to a fraudulent account after reportedly receiving an email that alleged a change to a bank account tied to remittance payments. The transfer was made on January 17, 2019, but officials only found out about the incident earlier this week. Upon discovery, officials immediately reported it to the FBI for investigation.
Executive director of the agency, Manuel Laboy commented, "This is a very serious situation, extremely serious. We want it to be investigated until the last consequences."
Laboy declined to comment on how officials first learned about the scam, whether anyone has been dismissed, or how the company's operations have been impacted by the lost funds. He did say however that an internal investigation is currently underway to determine whether someone was negligent and transferred the funds by mistake, or if someone did not follow standard procedure, adding that officials are still working to recover the stolen funds.
It's one thing for government agencies to be hacked via ransomware, like what we've seen in the city of Atlanta, Riviera Beach, and Lake City, Florida. It's another to be tricked by a phishing scam. This attack should serve as a friendly reminder to all that no one is 100% safe, and one false move could cost an organization millions.
This news is the last thing the people of Puerto Rico want to hear given that the country is in the midst of its 13-year recession, and we've seen in Atlanta that the cost of recovering from a cyber attack can be very pricey.
>> Learn why layering security defenses is the only way to protect against the threats of modern malware and phishing in our latest whitepaper The Art of Layered Security