Almost $700,000 were stolen from the city government in Washington, D.C. in July after scammers posing as a city vendor got the amount transferred to their account.
City officials told The Washington Post that the Treasury Department is investigating the theft. Amounting to hundreds of thousands of dollars, the stolen money, which is yet to be recovered, was wired to the bank account of the scammer.
Following the theft, strict security protocols have been implemented in the office of D.C. Chief Financial Officer Jeffrey DeWitt, including requiring additional confirmation in case a vendor changes bank information, said David Umansky, the spokesman for DeWitt.
The Post reported that the scammers successfully impersonated as the vendor Winmar Construction after a fraudulent email address was created by a hacker who had gained access to information from the vendor. After changing one letter in the domain name of the company, the hacker had communicated with
The city was asked via email by the hacker to transfer the outstanding payments electronically, not by cheque. The fraudulent email address went undetected by the government. The city department then went on to pay the outstanding bills related to a design contract of a housing facility for homeless which was subsequently transferred to the hacker’s account.
A total amount of $690,912.75 for three pending payments got transferred into the hacker’s Bank of America account in New York, as per a letter from Kelly Markland, the Vice President of Winmar, which was sent to the office of DeWitt on August 1.
Markland told the Post that the company had reported the incident to FBI, pointing out that the company controller’s email address was “fraudulently mimicked” by an “unknown hacker”.