Cyber Incident Victim: City of Griffin
Date:
Jun 2019
Location:
United States of America
Summary
Scammers stole over $800,000 from the City of Griffin through a business email compromise attack, redirecting two payments intended for a legitimate vendor to fraudulent accounts. Attackers sent a spoofed email mimicking the vendor to a finance department employee, prompting a bank account change that appeared legitimate. The fraud was discovered when the actual vendor inquired about missing payments, revealing slight discrepancies in the email address used. Investigators suspect the attackers previously compromised the vendor’s systems to obtain specific invoice details and project costs. The incident, now under FBI investigation, occurred despite the city’s firewall protections and employee cybersecurity training. Funds remained unrecovered at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Griffin, Georgia, fell victim to a Business Email Compromise (BEC) fraud scheme in June 2019, resulting in the theft of over $800,000. Attackers impersonated P.F. Moon, a legitimate vendor providing water treatment services to the city, by sending a fraudulent email to Finance Department official Chuck Olmstead requesting a bank account change for payment processing. The email appeared authentic, leading Olmstead to update the payment information without verification. On June 21, 2019, the first fraudulent transaction of $581,180.51 (case #19-005312) was processed. A second payment of $221,318.78 followed on June 26, 2019, before the scam was detected. Discovery occurred when P.F. Moon contacted the city inquiring about their overdue payment, prompting officials to review the transactions and identify discrepancies in the email addresses used for the account change request.
City Manager Kenny L. Smith confirmed the incident was reported to the Griffin Police Department and the Federal Bureau of Investigation (FBI), which initiated an investigation. Authorities suspected P.F. Moon's systems had been compromised prior to the attack, as the scammers possessed detailed knowledge of project costs, invoice amounts, and contractual relationships. SunTrust Bank initially indicated potential fund recovery, but the city had not regained the stolen money at the time of reporting. The attack exploited standard BEC tactics, leveraging phishing to redirect wire transfers without technical infiltration of Griffin’s systems. Despite the city’s implementation of firewall protections and employee security awareness training, the sophisticated social engineering succeeded. Financial impacts included the immediate loss of $802,499.29 and operational disruptions during the investigation. No data breaches or system compromises within Griffin’s infrastructure were reported, with the incident confined to fraudulent payment diversion. The case highlighted broader trends in BEC fraud, aligning with FBI IC3 reports documenting $1.2 billion in annual losses from similar schemes during that period.