Wisconsin Republican Party lost $2.3m after falling for fake invoices

The Wisconsin Republican Party recently lost as much as $2.3 million (£1.77 million) to "a sophisticated phishing attack" that involved hackers sending the party well-crafted phishing emails that contained doctored invoices under the name of the party's vendors.

The phishing attack was carried out by hackers who created doctored invoices under the name of vendors of the Wisconsin Republican Party and sent the invoices to the party via well-crafted emails to request payment for services rendered.

On 22nd October, the party discovered that it had paid out as much as $2.3 million (£1.77 million) to fraudsters who masqueraded as its vendors in emails to lure it into transferring the money to their own accounts. The party immediately contacted the FBI which is presently investigating the situation.

“Cybercriminals, using a sophisticated phishing attack, stole funds intended for the re-election of President Trump, altered invoices, and committed wire fraud. These criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime.

“While a large sum of money was stolen, our operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3rd,” the Wisconsin Republican Party said in a statement published on its website.

According to AP News, Republican Party Chairman Andrew Hitt said the hackers "manipulated invoices from four vendors who were being paid for direct mail for Trump’s reelection efforts as well as for pro-Trump material such as hats to be handed out to supporters."

The theft of millions of dollars from the Republican Party's coffers just two weeks before the U.S. Presidential Elections, among the most bitterly-fought in recent history, could severely restrict the Wisconsin Republican Party's campaign efforts. However, the party has stressed that despite the huge theft, its "operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3rd".

According to Hank Schless, senior manager of security solutions at Lookout, the attacker likely targeted individuals who handled the campaign’s finances in order to gain access to the expense management system. By just tweaking the routing numbers on expense reports, the attackers were able to steal millions of dollars.

"This shows how one small change can have a large scale effect. We have to remember that not all cyberattacks require malicious software. Credential theft through phishing is one of the easiest ways malicious actors can gain access to your infrastructure," he added.

Chad Anderson, senior security advisor at DomainTools, says that cybercriminals appear to be discovering the reality that as opposed to engaging with ‘wide-net’ phishing campaigns, they can save time and energy in researching one individual within a business, such as a member of the finance or HR teams, and sending them a targeted email that they would feel remiss not to engage with, such a message from the CEO or a member of the C-suite.

"Sites such as LinkedIn make this incredibly easy to achieve, allowing a threat actor to research members of staff in an organisation with a few clicks, In order to avoid the exponential growth of these scams continuing, businesses need to engage in robust training and awareness campaigns with staff, as well as investing in an email filtering system which is regularly audited and updated," he adds.

Read More: Chinese domains behind a third of HMRC phishing scams, finds study

MORE ABOUT: