A scammer conducted a Business Email Compromise attack on Baltimore, stealing over $1.5 million by spoofing a vendor and manipulating bank details. The cityβs internal controls were weak, enabling repeated fraud attempts and financial losses. #BusinessEmailCompromise #BaltimoreFraud
Keypoints
- A fraudster impersonated a vendor employee to redirect payments through BEC tactics.
- Two EFT transactions totaling over $1.5 million were fraudulently approved by the department.
- Internal controls and verification procedures were insufficient, allowing the scheme to succeed.
- Baltimore has experienced multiple vendor scams since 2019, with cumulative losses exceeding $438K.
- The city lacked effective safeguards even after previous fraud incidents, increasing vulnerability.