Scammers mimicked town email address, got funds wired
Scammers last month stole $57,396 from the town of Snowmass Village using a sophisticated “spear phishing” ploy, the municipality announced Friday.
The town is only out $5,000, the cost of its deductible with its insurance firm, which is paying the rest. Snowmass police are investigating, focusing on a bank in the southern United States that received the money, Town Manager Clint Kinney said in an interview.
The fraud happened July 18 when the culprits were able to mimic a town email account and request a wire transfer of town funds, a press release says. The transaction, which Kinney said was related to construction materials, was made by the town’s finance department, and the funds were wired.
The crime was noticed the following week, prompting officials to alert police, the FBI and the fraud department of the town’s bank.
“I’m not confident that we’ll get any money back from this investigation,” Kinney said.
No personal information related to town staff was compromised. Kinney on Friday emailed staff to alert them about the crime and give some pointers to guard against it happening again. Other internal financial procedures have also been altered.
Among the advice: If you decide to reply to an email, verify that the reply-to email address is the same or is the account you expected; if you suspect a phishing email, contact the IT department right away; if an email or other form of communication seems out of the ordinary or is not following the town’s standard procedures, please take the time to verify it. “The extra few minutes to confirm the source of the communication is very much worth it,” Kinney’s email says.
The press release encourages businesses and individuals to also be wary, as such phishing email scams are on the rise and can be extremely deceptive. They “are sent from what appears to be trusted sources or email accounts,” it says.