City of Unalaska falls victim to phishing attack resulting in loss of over $2.9 million

• The City has managed to recover around $2.3 million which was lost in a phishing attack.
• The scammers had posed themselves as a known vendor and sent an email.

The City of Unalaska has managed to recover around $2.3 million which was lost in a phishing attack. The recovered amount is part of $2,985,406.10 which the City had sent scammers.

What happened?

According to the City Manager Erin Reinders, the scammers had posed themselves as a known vendor and sent an email. The email included a request for the change in payment method.

This caused the employees to sent payments for legitimate invoices to a fraudulent bank account that did not belong to the subject vendor. The payment was done between May 15 and July 9, 2019.

When government officials became aware of the situation, they ceased the payments and immediately contacted the FBI.

What actions have been taken?

The City has informed the FBI about the incident on July 10. There is no evidence if any individual’s data was involved in the scam.

“In the case of Unalaska we were able to recover funds and prevent any future loss thanks to the timely and thorough response from the city administration. We are continuing to investigate this case in an effort to identify the perpetrators,” said FBI Special Agent Steve Forrest, Anchorage Daily News reported.

Following the phishing attack, City staff has started to revise its internal controls and processes. It has also incorporated FBI recommendations and Government Finance Officers Association's best practices to identify and close gaps in order to reduce future risks.

The City expects to recover the difference amount ($637,861.67) through insurance.