Town of Arlington loses $445,945 in wire fraud from cyberattack, town manager says

ARLINGTON, Mass. — The Town of Arlington has lost nearly a half-million dollars through wire fraud from a cyberattack, the town manager said this week.

“The Town of Arlington has been a victim of cybercrime,” Arlington Town Manager Jim Feeney said in a memo to the Arlington community dated Wednesday.

“Through what is known as a business email compromise (BEC), perpetrators used phishing, spoofing, social engineering, and compromised email accounts to ultimately facilitate wire fraud totaling $445,945.73,” Feeney said.

Of these funds, the town’s bank was able to recover $3,308. Town officials have since filed a claim with the town’s insurer “to hopefully further offset the loss,” he said.

Feeney added that the town and specifically the Arlington High Building Project is responsible for the $445,945.73 loss. The Arlington High School Building Project funds have already been allocated and are separate from the Town of Arlington’s annual operating budget, he said.

Officials believe the cyberattack “was perpetrated by an organization that is well resourced and located overseas,” Feeney said, adding that no sensitive or resident data was compromised.

The town is taking steps to recoup the loss and avoid future fraud, he said.

“We have been working with local and federal law enforcement and specialized consultants since we first became aware of the fraud,” Feeney said.

Feeney said that in September 2023, town employees received legitimate emails from a known vendor working on the Arlington High School Building Project to discuss issues with payment processing.

“Unbeknownst to the Town, threat actors had already compromised certain employee user accounts and were monitoring emails,” Feeney said. “They seized the opportunity to impersonate the vendor with an email domain that appeared genuine, requesting a change in their payment method from check to electronic funds transfer (EFT), a common method used by municipalities for on-going payments.”

“The scam was aided by fabricating and subsequently deleting emails from employee accounts, as well as creating inbox rules to manage and hide incoming messages. Once the payment method was established, a series of four monthly payments were made,” Feeney said.

The monthly payments were diverted until the vendor reported not receiving payments in February 2024, Feeney said.

“It was immediately apparent that we had been defrauded, so we alerted law enforcement and our banking institution, began a digital forensics investigation, retained a breach coach, and instituted immediate response measures to secure our network,” the town manager said.

An investigation found that “threat actor activity occurred in the Town’s Microsoft environment” between Sept. 12, 2023 and Jan. 30, 2024, in addition to other attempts to intercept wire payments totaling approximately $5 million during this time period, Feeney said.

“Fortunately, these attempts were unsuccessful,” he said. “It was further determined the threat actors had not infiltrated the network.”

The town’s IT department has been working to secure the town’s networks, and town officials have instituted mandatory cybersecurity training for all town employees, he wrote.

At its June 4 meeting, the Arlington High School Building Committee voted to authorize payment to the vendor from the project funds.

“Any monies we recoup from this fraud will go back into this fund,” Feeney wrote. “I want to emphasize that this loss does not negatively impact the completion of the High School Building project in any way.”

“That being said, I want to you assure you that we are exhausting every avenue to recoup the funds that we were defrauded of, and we are making every effort to improve our cybersecurity posture,” the town manager wrote.

This is a developing story. Check back for updates as more information becomes available.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW

Comments on this article