The Town of Enfield, New Hampshire, appears to have been the victim of a man-in-the-middle scheme involving the transfer of $742,000 to a fraudulent bank account. The town is constructing a new $7.2 million public safety building. An employee was tricked into sending the payment to a fraudulent bank account instead of the construction company building the facility.

According to a town spokesman, “Basically, a staff member was tricked into changing a bank account number for one of our vendors and then the next payment to that vendor was directed to the fraudulent bank account.”

This is a classic man-in-the-middle scheme when a threat actor intercepts a transaction and is able to divert funds that are supposed to go to another party. Often, the threat actor impersonates the vendor, uses a similar email address to make the victim believe it is the real vendor, and then tells the victim that the bank account has been changed, and provides realistic looking documents that look like they are issued by a legitimate bank. When the banking instructions are changed, the victim believes the vendor is being paid, but the funds are diverted to the threat actor’s account. It is distressing that banks are opening legitimate accounts for threat actors for the transfer of funds. The threat actor will drain the account, and unless you notify law enforcement, (FBI or Secret Service), chances are the funds will be gone by the time you figure out what happened.

Luckily, here, the town notified the bank where the fraudulent account had been opened, and it appears that some of the funds were frozen and may be recoverable. The hard lesson is to never trust anyone requesting funds over email, especially when they are changing wiring or bank instructions, or are seeking an urgent payment. These are all red flags, and processes for authenticating instructions via other means will assist in diverting such attacks.