FBI TLP White PIN: Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments

FBI TLP White Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments, Straining Resources 

17 March 2021

PIN Number
20210317-001

At a Glance

From 2018 through 2020, the FBI observed increases in business email compromise (BEC) actors targeting state, local, tribal, and territorial (SLTT) government entities for financial gain due to vulnerability exploitation and transparency requirements. The COVID-19 pandemic exacerbated these cybersecurity challenges as SLTTs shifted a significant portion of their workforce to remote work. These actors target SLTT victims with spoofed emails, phishing attacks, compromised vendor accounts, and credential harvesting to alter payment instructions for services rendered by vendors or employee payroll direct deposit information. From November 2018 to September 2020, the FBI observed losses ranging from $10,000 to $4 million, which have significantly impaired operational capabilities and imposed considerable resource strain on SLTT governments.

Related Resources

Infographics
Public
The Russian Foreign Intelligence Service, known as SVR, poses a significant risk to U.S. and allied government networks.
Letter/Comment
Public
The AHA shares with Senate and House leaders the association’s recommendations for infrastructure investments that should be included in an upcoming…
Guides/Reports
Public
Health care is increasingly moving to a digital platform. Recent major investments in health information technology, such as electronic health records and…
Issue Landing Page
The AHA has created a panel of a limited number of highly-reputable and qualified cybersecurity service providers to support AHA member hospitals and health…
Testimony
Public
John Riggi, AHA senior advisor for cybersecurity and risk, testimony before the Senate Homeland Security and Governmental Affairs Committee on defending…
Special Bulletin
Member
Federal agencies this morning are providing new information on an imminent ransomware threat to U.S. hospitals.