The city of Ocala has been the target of an email spear phishing campaign, resulting in a yet-to-be-determined net financial loss.
Email spear phishing involves an email targeted at a specific individual or business and appears to be from a trusted source.
An email, appearing to come from a local contractor with whom the city is doing business, directed a payment for services to be electronically transferred to a fraudulent account. This incident was identified and immediately reported to local and federal law enforcement agencies. The city has paid the contractor for the work performed and filed an insurance claim to recoup the lost funds.
This has been identified as an isolated incident. An analysis has confirmed that the city’s information systems have not been compromised and customer data is safe and secure. The city is actively working with local and federal law enforcement agencies to identify the fraudulent representative and recover the lost funds.
“While the City of Ocala recognizes governmental transparency, an active criminal investigation into bank fraud is under way and our ability to discuss this matter publicly is limited until the investigation has concluded,” said Ashley Dobbs, Ocala’s marketing and communication manager. “We take our city’s cyber security seriously and employees participate in mandatory trainings to arm them with the skills needed to identify and report these sophisticated campaigns.
“While we can’t change this outcome, we will continue to update and refine our cyber security systems and trainings to minimize future impacts.”