Get access to hundreds of financial resources as an RFP INSIDER

Learn More

Resourceful Finance Pro

Time is money: $400K lost in phishing scam not reported to leadership until months later

Brian Bingaman
By: Brian Bingaman

About the Author

Brian researches and writes about accounts payable and CFO management trends. He was a newspaper journalist in suburban Philadelphia for nearly 20 years.

Show Less
Last Updated: October 25, 2023
2 minute engagement

Imagine that someone in A/P got fooled by a bogus invoice in a phishing email and paid hundreds of thousands of dollars to a cybercrook, but you didn’t find out about it until long after the fact.

That’s what happened to the city government of Chester, Pennsylvania. A hacker posing as an insurance broker emailed the director of accounts and finance regarding a monthly workers’ compensation insurance invoice.

The scammer somehow knew the Finance manager had an email conversation going with a real insurance broker and was able to gain enough knowledge related to a legitimate invoice to start a separate email chain that had “almost identical information” and a convincing but fraudulent invoice, according to a report in the Delaware County Daily Times newspaper.

As a result, an estimated $400,000 was transferred to the imposter.

The city first became aware of the fraud during an internal review of monthly invoices. However, some top officials didn’t learn about the financial loss until three months after it happened, according to the news report.

The bank for Chester, PA, reportedly told the Finance official it’s unlikely the money will be recouped and it’s unknown whether the loss will be covered by insurance.

What’s your phishing mitigation strategy?

While we’re sure you run a tight ship, missteps can happen. So if a phishing fraudster should strike, what’s your organization’s response plan, besides notifying your bank and the police right away and filing a report with the FBI Internet Crime Complaint Center?

This incident is a reminder of how important it is to have a cyberattack disaster recovery plan and conduct periodic cybersecurity training so your entire workforce will be alert for fraud.

The City of Chester claims that its third-party IT provider successfully fended off other phishing attempts this year, yet this one slipped through. To keep phishing attacks from happening to you, this may be a good time for a cybersecurity audit with your IT team where the following questions are answered:

  • Is it time to make investments in more up-to-date cyberattack prevention and detection technology?
  • What security precautions do your software vendors currently have in place to deter phishing attempts and similar threats?
  • Is it time to get cybersecurity insurance?

Filed under

Free Training & Resources

White Papers

How Expanding Cost Drivers are Rewriting the CFO’s Healthcare Playbook

Webinars

Financial Performance, for the Way You Work

Webinars

Building a Future-Ready Tax Reporting Engine

Webinars

Eliminate Burnout and Boost Efficiency: Learn How Modern AP Solutions Create Happier, Higher-Performing Teams

Resources

You Be the Judge

Did company owe them OT to pick up protective gear?

Excel Tips

Formula: Count how often a value appears in your data

You Be the Judge

Should new owner have to follow old contract terms?

Ask the Auditor

Question: We’re a large employer subject to the ACA. A full-time employee on non-FMLA leave has stopped paying his health premiums. Can we cancel his coverage without triggering ACA penalties?

Further Reading

Expense fraud trends: What Finance must be wary of now

To deter financial loss, CFOs have to keep a pulse on expense fraud. And one great way to do that is to hear right from the employees commit...

Employees’ phishing knowledge is subpar, research finds

Pause and think about all the people at your company who could be targeted for a phishing scam – finance staffers, purchasers, executives....

Best practices for mitigating payment fraud: Vendor portals and A/P automation can help

Crooks have more tactics for committing payment fraud at their disposal than you think.For example, these are just the different types of ph...

Expense report fraud opening the door to bigger financial losses

In today’s corporate climate, strict vigilance for expense report fraud is becoming even more important for your finance department.Ne...

Is the check in the mail? Here’s why that could be a big problem

Check fraud is on the rise again. The U.S. Postal Service just alerted financial institutions that check fraud DOUBLED from 2021 to 2022. In...

Same Day ACH dollar limit will increase to $1 million

There’s a great enhancement coming for companies that take advantage of Same Day Automated Clearing House (ACH) and send or receive hi...

Privacy Policy | Terms of Service
Copyright© 2025 SuccessFuel
preloader