There were no desperate pleas from African princes.
There were no email messages from banks or Amazon that needed a credit card number.
A phishing scam that took more than $344,000 from the State of Montana Department of Agriculture vanished with something more sophisticated, a “man-in-the-middle” scheme. By the time the department was able to identify the problem, the money was likely overseas – somewhere.
The good news was that another large payment for a similar amount had already been flagged by a bank as suspicious.
During a meeting of the Legislative Audit Committee last week, lawmakers heard how the phishing or phone-email scam worked and learned that the state’s cyberinsurance policy had paid the claim, leaving both the department and a grant recipient, U.S. Dry Pea and Lentil Council, whole.
The phishing scam had been identified, along with another thwarted phony attempt for gift cards, as part of a routine financial compliance audit. Both Montana Department of Agriculture Director Christy Clark and chief legal counsel for the department, Cort Jensen, said that policies and procedures have been updated.
Email scheme
The email scheme worked when hackers obtained email from both the lentil council and state ag staff. Jensen described the way the hackers monitored the email, taking information and setting up false email accounts. Then, having learned of several grants that were routine, hackers told department…
