Dallas County scammed out of $2.4M by cyber criminals
DALLAS - Dallas County has fallen victim to a cybercrime, and it cost county taxpayers $2.4 million.
Tuesday, behind closed doors, Dallas County Commissioners were briefed on a potential fraudulent payment that was wired after a county employee received a fake email message impersonating one of the county's partners.
The CBS News Texas I-Team learned the email looked like it was from one of the county's vendors asking for payment. In reality, it is was a phishing email that ultimately convinced a county employee to wire more than $2-million.
According to a statement from the Dallas County Administrator, Darryl Martin, the county became aware of the incident on November 17 and has turned over all evidence to the F.B.I.
State law requires all government employees to undergo cyber security awareness training. This training includes how to spot phishing emails.
"They are taught that (cyber criminals) can change the name on their email address and what to look out for," said cyber security expert Ben Singleton. Singleton's Arlington cybersecurity firm, NetGenius, is a state certificated cyber security training provider.
"I don't think the recipient of this email in Dallas had that training. They would have known what to look for," Singleton said.
The I-Team asked county officials if those who received the fraudulent email had underwent the state mandated training. As of Tuesday evening, the county had not responded to the question.
In October, hackers accessed the Dallas County network and stole data. The cybercriminal organization, Play, has threaten to post the data on the dark web.
Dallas County says this latest incident is not related to the October cyberattack.