Ah, South Florida. A great place for singles, couples and families to vacation and take in the sun on various beaches that stretch from Fort Lauderdale and Miami down to the Florida Keys.
Unfortunately, it is also becoming a prime destination for cyberattacks.
In the run-up to the 2016 U.S. presidential election, Russian hackers attempted to breach the computer systems of at least five Florida county elections offices. These targeted counties included Hillsborough, Pasco, Citrus, Clay and Volusia. The hackers employed phishing emails as their primary tactic, sending deceptive messages with attachments that, if opened, could potentially have allowed them to take control of the election officials' computers. This incident raised significant concerns about the security of the U.S. electoral system and the potential for foreign interference in the democratic process.
Then, in 2019, Riviera Beach and Lake City fell prey to ransomware attacks that crippled their computer systems. These attacks were initiated through phishing emails that, once clicked, allowed cybercriminals access to critical city data. In a bid to regain control of their systems, Riviera Beach paid a ransom of $600,000 in Bitcoin, while Lake City paid $460,000. Although paying ransoms is generally discouraged, these cities felt compelled to do so to recover essential data and restore disrupted services.
Meanwhile, in 2019 as well, Naples encountered a different type of fraud where scammers posed as legitimate vendors, convincing the city to make payments totaling $700,000 for services that were never delivered. Additionally, Key Biscayne reported a "data security event," although the specifics of this incident were not provided.
Fast-forward to 2022, Pembroke Pines was involved in a ransomware attack that targeted the city’s computer systems. The attack affected the city’s ability to access certain computer systems but did not compromise any personal information of residents or employees. The city also said that the police and fire services remained operational. The city launched an investigation into the attack, notified law enforcement, and worked with specialists to restore their systems. However, the details of the attack, such as the identity of the attackers, the amount of the ransom, and the extent of the data theft, were not disclosed by the city.
Well, South Florida, here we go again. Scammers recently managed to seize $1.2 million in taxpayer funds from the city of Fort Lauderdale, Florida.
The city made a payment September 14 under the belief that they were settling a legitimate bill from Moss Construction. Detective Ali Adamson, spokesperson for Fort Lauderdale police, revealed that the city had initially deemed the payment request as genuine, only to later uncover its fraudulent nature.
Fort Lauderdale City Manager Greg Chavarria informed city staff through email that an individual submitted a request for an ACH payment while posing as Moss Construction. The perpetrator completed the necessary documentation and included an unsigned check. The Accounts Payable department then conducted a verification process and found that the names on the request aligned with the company's official records.
In that email, Chavarria did note to city staff that they are working with the city’s bank to get the funds back.
Moss Construction also responded to the situation acknowledging that individuals with malicious intent exploited their reputable name and readily accessible information to perpetrate a scam. They characterized the incident as a fraudulent scheme currently under thorough investigation by the city of Fort Lauderdale authorities and the police. The company directed all inquiries related to the matter to the Fort Lauderdale Police Department.
Phishing scams prey on unsuspecting recipients by sending emails that convincingly mimic reputable sources, often soliciting payments. Victims, genuinely convinced of the email's authenticity, unwittingly transfer funds to the scammers or divulge personal identifying information, granting the fraudsters the means to open new accounts or infiltrate existing ones.
Municipalities are attractive targets of phishing scams due to their reliance on technology and the potential for financial gain through ransomware attacks or fraud. As a result, many local governments are working to improve their cybersecurity posture to mitigate the risks associated with these types of threats.
To avoid being a victim of a phishing scam, organizations and municipalities are recommended by the Federal Trade Commission to back up data, keep all security up to date, deploy a safety net and keep staff informed of what to look out for.
Another step is to stay educated on the state of cybersecurity. One way to do this is to attend ITEXPO 2024 taking place in Fort Lauderdale, Florida, February 13-15, 2024, part of the #TECHSUPERSHOW. Since 1999, ITEXPO (News - Alert) has combined educational conference programming with a robust exhibit hall, networking events and other activities, bringing together buyers and providers of business technology products and services that drive business success.
At the #TECHSUPERSHOW (which also includes MSP Expo, IoT Evolution Expo, Future of Work Expo, Generative AI Expo and more), attendees have a chance to hear from keynoters and panels of experts covering topics that include cybersecurity and the steps needed to take with the current strategies deployed by bad actors. This is also a chance to build connections with cybersecurity experts to potentially bring in innovative solutions to your organization.
Edited by
Alex Passett
