The Office of the Inspector General (OIG) has released a report revealing that Baltimore city was tricked out of hundreds of thousands of dollars last year by a cyber-criminal posing as a vendor.
After receiving information from Baltimore’s Bureau of Accounting and Payroll Services (BAPS) in regards to a suspected fraudulent Electronic Funds Transfer (EFT), the OIG launched the investigation that uncovered the scam.
Suspicions arose when a contractor received funds from the Mayor’s Office of Children and Family Success (MOCFS).
The fraudster, who falsely claimed to be associated with an employee from the vendor company, emailed BAPS and MOCFS twice asking to change the vendor’s EFT remittance information.
They then requested for the filed bank details to be updated to a separate bank account at a completely different financial institution.
“The OIG later determined that the email account associated with the Vendor Employee was compromised by a malicious actor, who established rules within the Vendor Employee’s email account as a result of a phishing attack,” noted inspector general Isabel Mercedes Cumming.
She added: “Therefore, the malicious actor was able to correspond directly with City employees without the Vendor’s knowledge.”
