Puerto Rico Government loses 2.6 million dollars over a phishing scam

Phishing scams have been more of a corona virus in the cyber industry. Without any good preventive measures this hacking methodology can only be reduced and not be eradicated. Phishing scams are everywhere and the cyber aware individuals evade it, while others become victim to it. As per the associated press reports, Puerto Rico government was manipulated over a phished email on Jan 17th in San Juan, the capital city and had lost around $2.6 million over the scam.

How was the Puerto Rico Government manipulated?

It appears the government has received an e-mail on Jan 17th for transferring $2.6 million. However, without knowing that it is a malicious mail, the government transferred the funds to a fraudulent account. Rubén Rivera, the financial director of island’s Industrial Development Company, who was supposed to be at the legitimate receiving side of the funds, have raised a compliant to the police for this act by the government.

Moreover, the attacker appears to have mentioned change in bank account number and had requested for the transfer disguising as an individual from the Industrial Development Company.

Having said that, the phishing scam was identified only this week and has been reported to the FBI for further action. Manuel Lobby, the executive director of the agency has not disclosed anything further about the incident, but he accepted that it is a serious case and the government will be investigating this further. The Puerto Ricans were scandalized by the incident and are furious about the lethargic attitude of the government over the funds.

How to safe guard your organization against phishing?

Phishing is a very sneaky technique if implemented well (spear phishing), can make the end users a victim of it. phishing is usually through e-mails, messages, or any other communication medium that requests for a response from the end user. In the case of a phishing e-mails, IT departments can ensure they block mails from anonymous or unknown senders, blacklist websites, and restrict users from downloading attachments, all this can be done using an effective browser security configuration. 

However, that will not be a permanent solution as it might hinder a user’s freedom, so instead the employees and users are to be educated with the right cyber awareness especially that of phishing scams. Phishing is the starting point of most of the cyberattacks, so if users can differentiate a genuine Vs phished e-mail then your organization is in a better security posture than other organizations.

Three tips to identify phishing email scams,

• Check and verify the sender’s email address.
• Beware of fearful, forceful, dubious, or exciting content.
• Never click, open or download attachments from anonymous mails.

Employ the right security tools and practice good cyber hygiene to stay secured.