Well, Wellfleet, That Was Close!
You know that moment when you realize you’ve almost done something incredibly costly? Like nearly losing $1.1 million because of a single email? That’s what happened to the town of Wellfleet last summer. Let’s dive into this near-disaster and what we can all learn from it.
How a Simple Email Turned into a $1.1 Million Close Call
In July 2023, Wellfleet was almost scammed out of a whopping $1.1 million. It all started when the former town treasurer, Cameron Scott, received an email that appeared to be from MIG Corp., the contractor working on the Herring River Restoration Project. The email requested a change in payment method to a wire transfer, and without verifying the request, Scott wired the money to what turned out to be a fraudulent account.
Luckily, the fraud was detected within two days by other town officials, and thanks to the swift action of Cape Cod 5, the town’s bank, the funds were frozen before they could be transferred out. Disaster averted, but only just.
The Anatomy of the Scam
- Step 1: The scammer, posing as a contractor, sends an email requesting a payment change.
- Step 2: The unsuspecting recipient, in this case, the town treasurer, complies without verifying the authenticity of the request.
- Step 3: A large sum of money is wired to a fraudulent account.
- Step 4: If not detected quickly, the money is gone for good, with little chance of recovery.
Who’s at Risk?
This scam is a classic example of what’s known as Business Email Compromise (BEC). It typically targets organizations like municipalities, where large sums of money are transferred regularly. The scammers rely on human error—someone not double-checking the details—to succeed.
Why This Matters to You
Even though Wellfleet was lucky enough to get their money back, many aren’t as fortunate. Scams like this can drain a town’s budget, disrupt services, and lead to a lot of finger-pointing and stress. If it can happen to a well-organized town, it can happen to anyone.
How You Can Protect Yourself and Your Community
- Verify, Verify, Verify: Always double-check the legitimacy of any request to change payment methods, especially for large sums of money. Pick up the phone and call the sender using a known number—not the one provided in the email.
- Train Your Team: Regularly train staff on how to spot phishing emails and other common scams. Make sure everyone knows the protocols for verifying payment requests.
- Implement Robust Controls: Use advanced email filtering solutions to block phishing emails before they reach employees. Also, ensure that all financial transactions are verified by more than one person.
Quick Tips & Updates:
- Quick Tip #1: "Did you know? Even small changes in an email address can be a sign of phishing. Always check for subtle differences in email domains."
- Quick Tip #2: "Pro Tip: Implement a policy where all payment method changes must be verified with a follow-up call to a known contact."
Have you ever been targeted by a scam or heard of a situation like this? Share your experiences with us—your insights could protect others from falling victim.
Stay safe, stay informed, and remember: when it comes to money, especially in large sums, it’s always better to be overly cautious. A simple verification step could save you from a massive financial loss.
Key Terms Explained:
- Phishing: A type of cybercrime where scammers pose as legitimate entities to steal sensitive information or money.
- Wire Transfer: A fast method of transferring money electronically, which can be risky if not properly verified due to its irreversible nature.
- Multifactor Authentication: A security process that requires users to provide two or more verification factors to gain access to a resource, such as an account or application.
To read more, find source article here