Puerto Rican government loses $2.6 million in phishing scam

The Puerto Rican government just lost $2.6 million in a phishing scam.

Email phishing scams aren’t anything new. Since computers first became mainstream the devious form of attack has been there to torment users. Though some basic ones only attempt to steal account credentials, others have more sinister ambitions.

Recently, a phishing scam cost the government of Puerto Rico more than $2.6 million. According to reports from The Associated Press, an undisclosed government agency unknowingly transferred the funds into a fake account. The government is now working with the FBI to try and recover the stolen money.

Unlikely Blunder

It isn’t every day that news breaks of a government agency being manipulated out of millions of dollars. However, it’s even less common for that to happen as the result of a phishing attack. Typically when a government body or large organization falls victim to cybercrime it comes in the form of a ransomware attack.

Manage your supply chain from home with Sourcengine

However, that isn’t the case for Puerto Rico. Rubén Rivera, the finance director of the island’s Industrial Development Company, first reported the problem to the police on Wednesday. The government agency allegedly transferred the funds on January 17.

Many are wondering what could have convinced officials to send such a large sum in the first place. Reportedly, the phishing email posed as communication from a bank account linked to remittance payments. Only after sending a payment of $2.6 million did the agency realize that it was fraudulent.

Manuel Laboy, executive director of the agency in question says, “This is a very serious situation, extremely serious. We want it to be investigated until the last consequences.”

At this time, it isn’t clear whether any employees have been terminated in relation to the incident. However, an internal investigation is underway to try and determine what occurred.

Upon hearing the news of the government’s blunder, Puerto Rican citizens were understandably furious. In response, Laboy said, “I cannot speculate about how these things might happen.”

He went on to acknowledge the “big responsibility” his agency has to manage public funds. Indeed, the missing money is a blow to the territory. Puerto Rico is in the midst of a 13-year recession and cannot afford to lose crucial funding as the result of careless blunders.

Happens to the Best of Us

In the last year, government agencies have been hit hard by cybercrime. Several municipalities fell victim to brutal ransomware attacks that sent their computer systems into gridlock. This includes major cities like Baltimore, Atlanta, and New Orleans. Sadly, some towns were forced to pay hundreds of thousands of dollars to free their files and systems.

Of course, a network being compromised by a ransomware attack is far different than falling for an email phishing scheme.

Regardless, this event serves as a reminder that no one is safe from online attacks. All it takes is one wrong click for things to turn bad in a hurry. For ordinary citizens, it should serve as a reality check that phishing scams are often difficult to spot. So, if an email looks suspicious in any way or asks for money that you aren’t expecting to owe, it’s probably best to not click on it.


Please enter your comment!
Please enter your name here