LOCKDOWN FRAUDSTERS TARGET COUNTY COUNCIL’S CASH AS SUPPLIER’S EMAIL IS HACKED
ANGLESEY Council and some of its suppliers were almost left paying the price thanks to IT scams in circulation during the lockdown.
A report to the council’s Audit Committee confirmed that two similar frauds had tried to obtain council funds since March, with one involving the hacking of a supplier’s email system.
Members were told that while Anglesey’s own IT systems had not been compromised, one attempt to gain financial benefit was almost successful after the unnamed company’s system was hacked by scammers, leading to the authority receiving what seemed to be a genuine request to change the firm’s banking details for future payments.
It was only after an invoice was paid into what turned out to be the scammers’ account that the issue was flagged up, after the recipient bank’s fraud team alerted the authority’s own bank.
When asked for further information, a council spokesman confirmed that while the attempt was thwarted in time by the recipient’s bank – who froze the account and notified the authority’s own provider – they could not divulge the amounts involved or any more details due to the ongoing police investigation.
But as a result of the attempt, known as “malicious redirection,” counter fraud training sessions were arranged for council staff to raise awareness of what to look out for, particularly during the lockdown.
This training had proved particularly useful after a payroll officer successfully flagged up a further unrelated attempt before any transfers were made.
The second attempt, known as “email spoofing,” is when emails are designed to appear as though they originated from the legitimate company.
But while the authority’s own computer systems were not compromised on either occasion, further audits are planned to judge the safety of the authority’s security measures.
Responding to the findings, Cllr Dylan Rees pointed out a recent announcement that Redcar and Cleveland council had to spend £10.4m following a massive cyber attack on their own IT systems.
Seeking clarification on the resilience of Anglesey’s security measures, he was reassured by officers that a recent audit offered reasonable assurance and that proper safeguards are in place.
But with the vast majority of staff working from home, it was also acknowledged there had been a “huge transition” to digital from traditional office working.
As a result the Chief Executive, Annwen Morgan, spoke of a need to be vigilant in terms of potential cyber attacks in future.
She added: “The IT department is looking at staffing levels and its expertise in even better management of any cyber attacks, this structure is under consideration which should improve things going forward.”
A spokesperson for the authority confirmed that Salford City Council’s IT Service is being commissioned to assist the internal audit department with future work in the field.