The breech diverted approximately $498,000 from the city payroll account. Still, all city employees have received their earned paychecks. This hack was the second time in less than a month that a breach of city security had occurred.
How did the attack occur?
The city of Tallahassee employs an out-of-state third-party vendor to host their payroll services. Their employees should be paid regularly through direct deposit. However, a foreign hacker apparently targeted this third-party vendor, effectively redirecting the direct deposits to their own accounts.
The city of Tallahassee found out about the breach when their bank alerted them. Of course, employees found out simultaneously when they awoke to realize they had not been paid on payday.
Is there any way to get the money back?
In the majority of large scale hacks, stolen funds or data is difficult or impossible to retrieve. Still, with help from their bank, the city of Tallahassee has managed to recoup approximately a quarter of the stolen money.
They continue to pursue criminal charges against the hackers with the aid of law enforcement and their insurance provider as well.
How do cyber attacks like these occur?
Successful cyberattacks usually start with some form of an email hack. This is usually achieved through phishing.
In fact, before the most recent hack of the city of Tallahassee, an email had been sent out that appeared to be from the City Manager. It was actually from an outside hacker who had included a virus disguised as a Dropbox link in the email.
While it is not suspected that this email was related to the stolen payroll funds hack, this does happen. “Phishing” emails can help hackers procure useful information about accessing in-network files and accounts.
How can you prevent hackers from attacking your business?
Large municipalities such as Tallahassee City are increasingly being targeted in cyber attack thefts. But the truth is, any business — or individual, for that matter — can fall prey to a cyber attack.
Unfortunately, the retrieval rate on hacking thefts is not high, meaning that prevention is key. The best way to prevent a hack is to prevent phishing, as this is how most hackers access your systems and accounts.
Make sure that everyone on your staff is keenly aware of what to look for in terms of phishing emails. When in doubt, suspicious emails should be left unopened. Or, at the very least, links should not be clicked, and personal or account information should never be handed over unless it’s sure the request is legitimate.
It’s also important for businesses to employ the services of a reputable and experienced IT services provider. Look for one who specializes in cybersecurity and has experience dealing with hacking prevention.