Security Affairs
Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ocala City in Florida lost $742,000 following BEC attack

Business email compromise scam (BEC) continues to target organizations worldwide, crooks stole $742,000 from Ocala City in Florida. The City of Ocala in Florida is the last victim in order of time of a profitable business email compromise scam (BEC) attack, fraudsters redirected over $742,000 to a bank account under their control. Attackers’ emails posed […]

Norfund BEC

Business email compromise scam (BEC) continues to target organizations worldwide, crooks stole $742,000 from Ocala City in Florida.

The City of Ocala in Florida is the last victim in order of time of a profitable business email compromise scam (BEC) attack, fraudsters redirected over $742,000 to a bank account under their control.

Attackers’ emails posed as an employee of a construction company, Ausley Construction, that is providing its services to the city for the building of a new terminal at the Ocala International Airport.

The BEC attack took place in September, when fraudsters sent an email to a city senior accounting specialist informing him to send future payments to a new bank account.

Clearly, the attackers had a deep knowledge of the targeted organization and such kind of attack implies a long preparation during which fraudsters collect as much information possible related to the victims.

Impersonating vendors or clients is the latest trend observed in BEC scams, and requires a lot of preparation to create a message the victim will take for genuine. This phase involves social engineering techniques, OSING, and also malware.

“In the case of Ocala, the criminals gave the city employee a routing number and a bank account number along with a copy of a voided check.” reported BleepingComputer.

Fraudsters used a messages sent from a fake address of the company, “ausleyconstructions.com” instead of the legitimate ” ausleyconstruction.com/ ” domain.

On October 22, Ausley Construction sent a payment reminder to the Ocala city because an invoice submitted five days earlier had not been paid, then the officers at the city discovered that the money was transferred to crooks’ banking account. In August, the city of Naples, Florida, was a victim of a BEC attack and fraudsters redirected around $700,000 into their account.

In September, Toyota Boshoku Corporation announced that one of its European subsidiaries lost more than $37 million due to a business email compromise (BEC) attack.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – BEC, Ocala City)

[adrotate banner=”5″]

[adrotate banner=”13″]