Audit Report Reveals Hackers Siphoned off $1 Million in Taxpayer Money

The city of East Point, an Atlanta suburb, experienced a devastating email scam in 2021 that resulted in a substantial loss of almost $800,000 in public money. Seeking potential reimbursement through their cybersecurity insurance, city officials have taken significant steps to address the situation and bolster their financial defenses, per AP News.

The elaborate email scam

In a calculated and sophisticated attack, cybercriminals targeted the city of East Point through its email system in 2021. The hackers sent out a series of fraudulent invoices posing as legitimate city employees, deceiving unsuspecting workers into wiring large sums of money to a seemingly genuine company, per AP News. The total amount wired reached a staggering $1,219,287 as city employees were lured into the elaborate scheme.  Fortunately, city officials were able to claw back one of the wire transfers amounting to $434,197 after realizing the scam. Nevertheless, the city of East Point with its 38,000 residents living near the Atlanta airport remained burdened with a significant loss of $785,090.

Revelation and concerns

The magnitude of the financial losses came to light during a city council meeting sending shockwaves throughout the municipality. City Council member Stephanie Gordon expressed her concerns, questioning the lack of oversight that allowed such a substantial amount of money to be wired without proper authorization. Gordon asserted, "There was absolutely no controls in place... there's no excuse for it."

City Manager Deron King defended the delay in disclosure, explaining, "We didn't immediately inform the council because FBI agents were investigating, and we wanted to be cautious about sharing sensitive information." He further stated, "The safety of our citizens and ongoing investigation were paramount."

In response to the growing concerns from the council members, Mayor Deana Holiday Ingraham reassured the public, "I can assure you there will be full transparency during this entire process with an emphasis on accountability to include timelines and benchmarks."

Enhanced measures and future precautions

Taking immediate action, the city of East Point swiftly embarked on measures to mitigate future risks. The City Council unanimously approved the engagement of Tab & Tab LLC, a reputable firm, to conduct an extensive audit. The firm's representative, John Tab, emphasized, "We will conduct a thorough investigation and leave no stone unturned to identify any potential weaknesses in the financial processes."

The audit will not only examine the losses incurred from the email scam but will also extend its examination to encompass the fiscal year 2022, per Fox5 Atlanta. "We aim to provide comprehensive insights to fortify the city's financial systems and reduce vulnerability to cyber threats," added Mr. Tab. City officials also intend to explore proposals from forensic audit firms to further safeguard their financial systems. A forensic audit expert stated, "Our team is equipped to meticulously examine financial records, trace fraudulent activities, and provide robust recommendations for future prevention."

To ensure greater accountability and transparency, the city authorities have decided to incorporate monthly financial updates into the public meeting agenda. "Our citizens have the right to know the city's financial status and be actively involved in the process," Mayor Ingraham affirmed. The city of East Point is resolutely working towards recovering lost funds and implementing robust measures to protect against future cyber threats. Through audits, enhanced oversight, and regular updates, the city seeks to reinforce its financial defenses and cultivate a more secure and accountable financial environment for its residents.

Rise in phishing scams since the pandemic 

Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. According to researchers at Abnormal Security, the volume of BEC (Business Email Compromise) attacks increased by 81% during the second half of 2022 and the total attack volume grew by 175% in the past two years, per ZDNET. Hence, there's a greater need for awareness about these scams so we can recognize phishing or scam emails and take the necessary steps to avoid them. You can learn more about how to stay away from these scams from these CISA guidelines.