Scammers steal $2.3 million from small US town
Image: The Record
Catalin Cimpanu August 25, 2021

Scammers steal $2.3 million from small US town

Scammers steal $2.3 million from small US town

The Town of Peterborough, New Hampshire, said it lost $2.3 million after scammers tricked town employees into sending large payments to the wrong accounts.

Town officials said they first learned of the losses on July 26 after the ConVal School District said it did not receive its $1.2 million monthly transfer.

An investigation into the lost payment revealed that scammers used spoofed email accounts and forged documents to redirect the town’s payment to accounts under their control.

During the subsequent investigation, officials said they also discovered two additional hijacked payments that were meant to reach Beck and Bellucci, two contractors working on a local bridge.

US Secret Service officials, who were called in to investigate the incident, told Peterborough officials that the stolen funds had been laundered and converted to cryptocurrency.

“We do not believe that the funds can be recovered by reversing the transactions, and we do not yet know if these losses will be covered by insurance,” Select Board Chairman Tyler Ward and Town Administrator Nicole MacStay said in a press release on Monday.

Town employees who were tricked by the scammers and authorized the fraudulent payments were put on leave, but Ward and MacStay said they don’t believe they were involved in the scheme.

The $2.3 million loss represents almost 15% of the town’s yearly budget.

This type of attack is typically known as a “BEC scam” or “BEC fraud.”

According to the FBI yearly’s cybercrime report, companies lost $1.8 billion to BEC scammers in 2020, a sum that accounted for 43% of all of last year’s total lost funds.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.