An email phishing scam duped the government of Puerto Rico into transferring more than $2.6 million into a fraudulent account, The Associated Press reports. A government agency transferred the funds on January 17th, but the incident was just discovered this week. Puerto Rico is working with the FBI to investigate and recover the funds.
Rubén Rivera, finance director of the island’s Industrial Development Company, told AP that the agency received an email alleging a change to a bank account tied to remittance payments. In response, the agency transferred the funds to the fake account. It’s still unclear how officials discovered the scam, if anyone has been dismissed or if the agency’s operations have been affected because of the missing funds.
It’s one thing for government agencies to be hacked via ransomware, like we’ve seen in Baltimore and Atlanta. It’s another thing to be fooled by a phishing scam. The incident is a reminder that no one is safe, and one wrong move can cost millions. This is the last thing Puerto Rico needs in the midst of its 13-year recession, and as we’ve seen in Baltimore and Atlanta, the cost of recovering from cybercrime tends to grow quickly.