The City of Naples says the cyber attack that resulted in the loss of $700,000 was a “sophisticated” spear phishing strategy.
Spear phishing is an email attack targeted at a specific individual or department within an organization, in which the message appears to come from a trusted source. It differs from a standard phishing attack because the emails are more personalized.
The funds were paid to a fake bank account the attacker provided while posing as a representative from the Wright Construction Group, which was doing infrastructure work on Eighth Street South in downtown Naples, according to a news release.
City Manager Charles Chapman said the attack, which is currently under criminal investigation, was an isolated incident and has not impacted the city’s data systems.
“The city’s data systems are safe and secure,” he said in a statement. “This attack was not malware or ransomware (and) no data breach occurred. The city has and will continue to make improvements to our information technology systems.
“We take cyber security very seriously. We actively train our employees to identify cyber security threats. In today’s business environment, it is not a matter of if you are going to be attacked, it’s a matter of when are you going to be attacked. Despite our best preventative measures, the City of Naples is now a victim of a cyber-crime.”
The city has paid Wright Construction for the work performed and has filed a claim with its insurance carriers and banking institutions, the news release said.
City Spokesman David Fralick said the city plans on holding a press conference with more details about the attack sometime next week, possibly as early as Tuesday.
Collier Mosquito Control District was the victim of a similar spear phishing attack a year ago that began when the director of administration at Collier Mosquito Control received an email about the district’s health insurance.
The email claimed the district was short about $12,000 for its June health insurance bill. The email also instructed the administrator to send the money to a different bank account than usual.
According to a police report, the administrator thought the email was “out of place” and called a supervisor from the insurance agency to confirm the shortage. After speaking with the supervisor, the administrator believed the email was legitimate and sent the money to the requested account.