How Cyber Education Helped Stop a $5.3 Million Fraud Attempt
Drawing on their cybersecurity awareness training, the Commonwealth of Kentucky's Treasurer’s Office was able to thwart a sophisticated business email compromise scheme.
This article was originally published in Commercial Banking’s magazine, Cybersecurity: Technology and Tactics.
For years, the Commonwealth of Kentucky's Treasurer’s Office has worked closely with its Commercial Banking relationship team to battle cybercriminals and strengthen its ability to be a watchdog for the public. Working together, the two groups coordinated in-house training, reviewed Commercial Banking’s cybersecurity magazines, infographics and emails outlining best practices, adopted tools and followed procedures that stressed the need to always validate.
That work paid off last December when the Treasurer’s team quickly stopped a $5.3 million business email compromise (BEC) scheme.
“I am proud of the work Treasury staff did to thwart a $5.3 million fraud attempt on the Commonwealth,” said Allison Ball, Kentucky State Treasurer. “Ensuring that our staff stays up to date on cybersecurity training is a priority of mine. I was pleased to see it pay off as Treasury staff saved the Commonwealth from losing millions of dollars.”
Dennis Paiva, the Treasury’s Director of Accounting and Disbursements, noted that the “consistency and awareness that the Commercial Banking relationship team addresses every time we meet helped to strengthen our cybersecurity preparedness. This is a strong partnership and good example of a collaborative effort that led to a great outcome.”
Validate, Validate, Validate
The attempted fraud scheme involved a wire transfer request that was sent to a member of the Treasury’s accounting team. Something about the request bothered the employee. It wasn’t the type of account information that employees typically receive. It didn’t quite pass the “smell test,” as employees described it.
The accounting employee contacted his supervisor, who recalled her cybersecurity education training: validate, validate, validate—especially when something seems off. After calling the person who reportedly submitted the wire transfer, they found that the sender didn’t know anything about the email. The supervisor shared information about the fraud attempt with the entire accounting department to help emphasize payments fraud awareness.
“I have urged all Treasury employees to act as watchdogs of taxpayer dollars,” Treasurer Ball said. “Because Treasury staff were vigilant in their efforts, they were able to immediately implement process changes to mitigate the fraud attempt.”
Prioritizing Cybersecurity Education
Commercial Banking’s relationship with the Treasurer’s office began in 2011 and has focused on cybersecurity awareness, among other things. In 2017, Mike Kelly, Head of Commercial Banking Cybersecurity and Technology Controls, reviewed best practices with Treasurer Ball, her chief of staff and members of the Treasury team to discuss cybersecurity tools and controls. In addition, the Commercial Banking relationship team—Greg Mullins, Eileen Roberts, Celia Campbell, Karl Lamar and Rob Ferguson—reinforces the message in its regular meetings.
“It’s a constant theme in all our meetings,” Mullins said. “We always tell clients to stay vigilant, be aware and remember that you never know when criminals may launch an attack, so it’s critical to be prepared.”
Putting Cyber Tools and Procedures Into Practice
The Treasurer’s office uses Commercial Banking’s tools and procedures to strengthen its own controls and is now working with other state departments to share best practices. Treasury staff have expressed their gratitude to J.P. Morgan employees for their continuous efforts to warn clients about cyber schemes and payments fraud threats.
“The training and awareness they provided was a big part of mitigating the threat and turning this situation into a success story for the Kentucky State Treasury,” Paiva said.
Roberts, who is part of Commercial Banking’s relationship team, noted that the timing of the attempt showed the level of sophistication involved. The attempt occurred at a time when employees were more likely to be handling payment requests for colleagues who may be on vacation.
“Commercial Banking sends cybersecurity reminders several times a year regarding different fraud schemes, and we publish materials regularly that outline cybersecurity awareness and fraud-prevention practices,” Roberts said. “We were very pleased that our work with the Treasurer’s office helped them stop this scheme and protect the Commonwealth’s taxpayers.”