Cyber Incident Victim: City of Ocala
Date:
Sep 2019
Location:
United States of America
Summary
The City of Ocala fell victim to a business email compromise scam where fraudsters impersonated a construction contractor via a spoofed email domain, directing a senior accounting employee to redirect a payment exceeding $742,000 to a fraudulent bank account. The attackers provided falsified banking documentation to legitimize the request. The scheme was uncovered weeks later when the legitimate contractor inquired about an unpaid invoice, revealing the funds had been diverted. Approximately $110,000 remained recoverable in the fraudulent account upon discovery, but the majority of the transferred amount was lost. This incident mirrored similar high-value BEC frauds targeting other organizations during the same period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2019, the City of Ocala, Florida, experienced a business email compromise (BEC) attack resulting in a fraudulent transfer of $742,376.73. A senior accounting specialist employed by the city received an email appearing to originate from Ausley Construction, a legitimate contractor engaged with the municipality. The email requested that future payments be redirected to a new bank account, providing a routing number, account number, and a copy of a voided check to lend credibility. The message originated from the domain "ausleyconstructions.com," a slight variation of the authentic "ausleyconstruction.com" domain lacking the letter 's' at the end. This typographical difference in the domain name was a deliberate spoofing tactic employed by the attackers. The city processed at least one payment to this fraudulent account on October 17, 2019, following an invoice submission five days prior. The transaction occurred without immediate detection, as the manipulated communication and supporting documentation appeared legitimate to the accounting staff.
The fraud was discovered on October 22, 2019, when Ausley Construction notified the city about non-payment of the October invoice. An internal review revealed the funds had been transferred to the attacker-controlled account instead of the legitimate vendor account. The Ocala Police Department documented the total loss at $742,376.73. According to Mayor Kent Guinn, approximately $110,000 remained in the fraudulent account when authorities intervened, suggesting partial recoverability of the stolen funds. This incident mirrored contemporaneous BEC patterns affecting other entities, including the City of Naples, Florida, which lost approximately $700,000 in a similar scheme around August 2019. The attack relied on social engineering rather than technical system breaches, exploiting procedural trust in vendor communication channels. No additional technical details regarding malware involvement or network compromise were disclosed in public reporting. Financial repercussions were confined to the diverted payment, with no reported secondary operational disruptions to municipal services.