Phishing Scam Costs Massachusetts Town $102K

February 25, 2022

The Massachusetts tow nof Tewksbury has been cheated out of more than $100,000 in a phishing scam, but hopes to recover most of the money through insurance claims, the town manager said.

An employee of Tewskbury received a seemingly legitimate email in late December from a regular vendor seeking payment via wire transfer, Town Manager Richard Montuori said in a statement. The request was not unusual because the town pays several of its larger vendors via wire transfer.

But the email was spoofed to appear to come from the vendor and when payment was made to a bank in late January, town officials soon discovered that the email and wire request were fraudulent. The town immediately notified the vendor, local police and the FBI.

Of the $102,000 lost in the phishing scam, the town hopes to be repaid $92,500 via insurance, he said.

Meanwhile, Montuori has ordered a freeze on any new wire transfers and will implement new wire transfer procedures. The town has also launched a review of protocols, controls, and security.

The town will also will have its audit firm, which has expertise in fraudulent attacks, review the incident,