WAPA Admits Employee Was Duped By Simplistic Phishing Email Costing It $2.17 Million
CHARLOTTE AMALIE — The Virgin Islands Water and Power Authority admitted that one of its employees was fooled by an Internet phishing scheme that cost the quasi-government authority more than $2 million.
On two occasions in 2018, WAPA said it was the victim of “a Business Email Compromise (BEC), an instance where a fictitious email appears authentic.”
“These incidents resulted in payments totaling $2.17 million being authorized, and sent to an apparent legitimate vendor,” WAPA said in a prepared statement on Facebook. “The FBI is currently investigating this crime.”
A Business Email Compromise is a type of scam targeting companies who conduct wire transfers, according to WAPA.
“Corporate or publicly available email accounts of employees that conduct financial transactions or are involved with wire transfer payments are either spoofed or compromised through key loggers or phishing attacks to carry out fraudulent fund transfers,” WAPA said.
Since the incidents, WAPA said it “has provided overall cybersecurity training for its staff as well as training on recognizing phishing emails that can lead to such BEC scams, and revised its financial control procedures.”
“The training is recurring, and we use controlled phishing emails to test our employees ability to determine authentic from bogus emails,” said WAPA Executive Director Lawrence J. Kupfer.
“While we can say very little until the federal investigation into the incidents is complete, I thought it prudent, in light of the Senate discussion this week, to reassure the community that while WAPA was victimized by the BEC incidents, we have taken all advisable security measures to ensure an incident of this nature does not recur. Equally as important, WAPA’s networks, customer information, computer systems, or its overall digital infrastructure were not compromised,” Kupfer added.
WAPA is seeking to raise electric rates in the territory to almost four times the national average as it struggles to resolve a mounting list of crises.
The sole provider of electricity and water here is faced with a threatened cut-off of fuel from an unpaid supplier, an FBI investigation of $2.7 million of illegal wire transfers, an employee lawsuit, and reduced demand for its services.