City of Naples setting up safeguards, working with FBI after losing $700K in phishing attack
The week after a major phishing attack swiped $700,000 from the City of Naples, they say they’re working with their insurance and banking companies, but there’s no guarantee all the money will be recovered.
The City admits an attacker posed as someone from Wright Construction Group and requested a change of bank account on an invoice.
The city then paid the money to that fake account.
City Manager Charles Chapman says, “The days of just being able to respond to emails or open attachments or even answering phone calls without verifying who you’re dealing with on the other line are long gone.”
The money was supposed to go towards an improvement project along 8th Street South.
The city assures us that project won’t be delayed and no other capital projects are in jeopardy either.
That’s because taxpayers will pay for the shortfall in the meantime, with money coming out of utility customer and taxpayer funds.
“That’s why the city has strong financial reserves, so when a gray cloud day comes we are prepared to respond,” said Chapman, adding, “that the operations of the city will continue with confidence, and we will conclude the jobs we have begun, although we do have to deal with the mess that has been left behind.”
The city says they do have a checks and balances system for invoices. They also have one for changing bank accounts but it’s not the same as the invoice system.
The City says they’ll look at their authentication process, protocols within departments, increase staff training efforts and make sure cybersecurity systems are as up-to-date as possible.
The city manager will also prepare a report for the City Council next month making any recommendations for new technology and policy changes.
He said, “This is an ever-changing landscape and unfortunately has become our new normal.”
In the meantime, they’re encouraging all city staff, and really everyone, to be aware.
Naples Mayor Bill Barnett said, “Our professionals are all completely focused on understanding what happened and how best to prevent it from ever happening again thank you and that is our promise.”
The city says the employee involved is on paid administrative leave. They assure us their systems are safe and sound but are working with the FBI as well as local law enforcement to hold those responsible, accountable.