1 min read

Puerto Rican government hit by phishing scheme

Picture of Kapua Iao Kapua Iao February 18, 2020

Email security
Computer keyboard key labeled 'Phishing' with a fishing hook

Four Puerto Rican government agencies fell victim to a phishing scheme in January 2020, sending millions of public pension fund dollars to cybercriminals within a short stretch of time. Thankfully, officials unearthed the scam soon after the transfers occurred; unfortunately, only part of the money transmitted was recovered by authorities.

 

How could this happen?

The phishing scheme began when a hacker(s) breached an employee’s computer at Puerto Rico’s Employment Retirement System in December 2019. Personnel of Puerto Rico’s Industrial Development Company then received a falsified email informing them of a change to a banking account tied to remittance payments and responded by sending $2.6 million to the fraudulent account January 17. A similar scheme simultaneously occurred with Puerto Rico’s Commerce and Export Company who sent the cybercriminal(s) $63,000. RELATED: HIPAA Compliant Email Puerto Rico’s Tourism Company sent $1.5 million. In total, the well-coordinated online scam stole over $4 million. Officials discovered the problem when someone at the retirement agency asked why it had not received its payments. As of today, authorities have frozen only $2.9 million of the total sent. Officials are unfortunately still unsure what personally identifiable information the hacker(s) stole, which could have dire, lasting consequences. Ongoing investigations by the Federal Bureau of Investigation (FBI) and various departments of the Puerto Rican government attempt to understand how this could happen and by who.

 

Phishing schemes are ever-present and damaging

According to the FBI’s recently released 2019 Internet Crime Report, phishing and related scams remain a top complaint. In fact, of the 467,361 complaints, 114,702 victims reported phishing and related schemes. Business email compromise cost victims $1.7 billion. The total lost by all complainants exceeded $3.5 billion and have grown in the last 5 years. In 2015, $1.1 billion was lost; in 2018, $2.7 billion. Such increases, along with the proliferation of advanced, well-coordinated attacks, demonstrate the importance of and need for strong cybersecurity.

 

Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Person holding cash while reviewing documents and examining multiple phones and devices

How to protect your organization from BEC attacks

Heather C. Orr : December 24, 2019

Business email compromise (BEC) attacks have increased 1,300% since January 2015, totaling over $3 billion in losses according to the FBI’s Internet...

Email security
Read More
Computer screen displaying fake security warning and virus alerts with phishing warning label

What is an email phishing attack?

Ryan Ozawa : July 21, 2020

If you have an email address, you've received an email phishing attack. Email phishing—also known as email spoofing or email impersonation—is a...

Email security
Read More
digital depiction of AI and phishing email

Can machine learning be used to detect phishing emails?

Caitlin Anthoney : April 28, 2026

Yes, machine learning can detect phishing emails.

Email security AI in healthcare
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.