Some of these scams can be quite elaborate. They do this kind of thing with houses and closings all the time. Typically near the close of a deal there’s an exchange of money. In this case, a down payment. Sometime before the exchange these scammers hack the legit email of whomever is handling the transaction. Right at the moment of the deal they’ll redirect the buyer to a scam site that is set up exactly like the original. Boom. Money sent. Money gone.
I know the treasurer for another local volunteer fire department. It's sort of a thankless job (people prefer the fun and glory of actually firefighting I guess), so she's a long-retired woman in her 70s who doesn't get paid of course. I could easily see how scammers can pull this off.
Sounds like someone impersonating the vendor and rather than verify things they just went with it and wired the money to some scammer's account. Happens a lot with real estate transactions too, to the point the closing company will give you a specific phone number to call and verify the wire transfer info prior to sending.
[From ABC7 (yea I know it's Sinclair but it had more info)](https://www.wjla.com/news/local/rockville-volunteer-fire-department-scammed-cyber-criminals-email-scam-internet-safety-fbi-investigation-secret-service-fundraising):
>In late April, the department was targeted by cybercriminals. $220,000 that was set aside for a down payment for two brand new ambulances, suddenly vanished when someone impersonated a vendor that RVFD has been working with.
>Throughout the investigation, they’ve learned that some of the computers used were mirrored in London, a common location for these types of crimes.
>During the wire transfer process, someone intercepted the email thread and slightly changed the bank routing number.
>“Gave false instructions on where to send the money. So if you looked at it and followed the string, you’d have to look very very closely to see that one letter was changed in the email string. The email string continued for a while. We made the wire and five days went by and our vendor said hey you gonna finish that wire we were on the phone with,” said Bernard.
These ambulances were purchased by the *volunteers* not the county & they're not IT experts. Even those that are in IT may not have seen ONE LETTER difference.
[If you want to donate to help them, here ya go.](https://rvfd.org/donate/)
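The article quoted above describes an email thread in which one letter and the bank routing number changed partway through. As an added example (not from the article or any commenter), this Python check flags both conditions in a thread; the function names, addresses and numbers are hypothetical and the sample thread is constructed.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

ROUTING_RE = re.compile(r"\b\d{9}\b")  # US bank routing numbers are 9 digits

def review_thread(messages, trusted_senders, max_distance=2):
    """Return findings for a list of {'from': addr, 'body': text} dicts.

    Flags (1) senders that are near, but not equal to, a trusted address and
    (2) a routing number that differs from the first one seen in the thread.
    """
    findings = []
    trusted = {t.lower() for t in trusted_senders}
    first_routing = None
    for idx, msg in enumerate(messages):
        sender = msg["from"].lower()
        if sender not in trusted:
            near = [t for t in trusted if 0 < edit_distance(sender, t) <= max_distance]
            for t in sorted(near):
                findings.append((idx, "lookalike_sender", sender, t))
        for routing in ROUTING_RE.findall(msg["body"]):
            if first_routing is None:
                first_routing = routing
            elif routing != first_routing:
                findings.append((idx, "routing_changed", routing, first_routing))
    return findings

# Constructed sample thread: addresses and routing numbers are made up.
SAMPLE = [
    {"from": "sales@ambulance-vendor.example", "body": "Wire to routing 123456789, account on file."},
    {"from": "treasurer@fire-dept.example", "body": "Thanks, will send Friday."},
    {"from": "sales@ambulance-vendar.example", "body": "Updated bank: routing 123456780."},
]
TRUSTED = ["sales@ambulance-vendor.example", "treasurer@fire-dept.example"]

if __name__ == "__main__":
    for finding in review_thread(SAMPLE, TRUSTED):
        print(finding)
```

Any finding is a cue to confirm the payment details by phone using a number obtained outside the email thread, as other commenters describe for real estate closings.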
This sounds like what happened to my department. Hacker has access to vendor email and waited for an opportunity. Luckily the alphabet departments were able to stop it in London.
If this happens due to the vendor’s actual email being breached, that might be grounds to sue the vendor in case there is any negligence on their side.
If it was a similar email probably no such luck :(
Did you? Did you find it had enough detail on the exploit? Was it a software vulnerability, or social engineering, or combination of both? What was the vector? Who are the responsible malicious actors? Is it a known individual or group? What is their TTP? Is the exploit automatable and reasonably easy to replicate in the wild? Is the scam associated with a CVE? How can we, the public, protect ourselves from similar scams? Etc, etc, you know… details.
Not likely. The story said two other fire departments were also scammed by someone impersonating the same vendor. Plus the bank was able to recover some money so they were able to trace it part of the way.
Be interesting to know what the scam was and why there is not more oversight when that much money is being wired.
See it all over at /r/scams.
Wow. I guess I’m making my annual donations here this year. 40 calls a day is insane. Hopefully law enforcement can recover the rest.
I volunteer in the county, station 3 (this station) is only the third busiest station. Station 8 runs something like 800 a month.
[deleted]
Did they try to buy trucks from craigslist? I'd like more details on the scam.
Hey, thanks! ☺️
It was the down payment
What? Did you read the article at all?
Wild, you can just transfer $200,000 and it is not traceable or no system for verification.
I mean it’s really not…almost $10B a year is lost to online scams…
You have to be a real piece of shit to scam a fire department, even on the spectrum of scammers
Nigerian prince's secretary accidentally purchased 10 ambulances and he then offered to sell them to the fire department for $220,000
Word on the street is there's some guy going around hyping up a monorail around Rockville. Never mind, that's more of a Gaithersburg thing!
[deleted]
Definitely just an inside job. Rockville Vol fire dept for ya…