FBI TLP White PIN: Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments

At a Glance

From 2018 through 2020, the FBI observed increases in business email compromise (BEC) actors targeting state, local, tribal, and territorial (SLTT) government entities for financial gain due to vulnerability exploitation and transparency requirements. The COVID-19 pandemic exacerbated these cybersecurity challenges as SLTTs shifted a significant portion of their workforce to remote work. These actors target SLTT victims with spoofed emails, phishing attacks, compromised vendor accounts, and credential harvesting to alter payment instructions for services rendered by vendors or employee payroll direct deposit information. From November 2018 to September 2020, the FBI observed losses ranging from $10,000 to $4 million, which have significantly impaired operational capabilities and imposed considerable resource strain on SLTT governments.