Fake CEO email asks for $50k as part of Noosa cyber scam
FINANCIAL services staff at Noosa Council have been targeted in a serious computer fraud attempt to rip more than $75,000 from ratepayers' hard-earned funds.
Council information and communications technology manager Justin Thomas said there were "two recent email impersonation fraud attempts". Mr Thomas identified these as "the first sophisticated fraud attempts against council" which were thwarted, unlike the scam pulled off against the Brisbane City Council back in 2016, which netted $450,000 by way of fake electronic invoices.
Townsville Council has also previously been targeted by dodgy emails, but the attempted Noosa fraud used different ploys.
"One of the emails Noosa Council received was from a scammer impersonating the (council) CEO directing staff to pay a fraudulent invoice," a council spokeswoman said.
"Another was from a different scammer demanding a fraudulent electronic funds transfer.
"The first was for just over $50,000 and the other was half of that amount. Each were sent from fake email addresses."
Council CEO Brett de Chastel, said both attempts were quickly picked up by Noosa Council's ICT team.
"Noosa Council has very thorough screening processes in place as well as on-going training for staff to detect scam emails and invoices," Mr de Chastel said.
"All governments are likely subject to such fraudulent activities, and Noosa Council has never been successfully scammed in this fashion. But it is a salient reminder for everyone in business that this type of criminal activity is prevalent, and thus to have appropriate checking systems in place," Mr de Chastel said.
Queensland Police Identity and Cyber Unit have been provided copies of the emails of both incidents "to provide them with intelligence".
As well Noosa Council has implemented four phishing email tests to try and catch out unwary staff and Mr Thomas has sounded a warning that safeguards are not yet up to speed.
Phishing is the attempt to obtain sensitive information by posing as a trustworthy sources.
"To date four tests have been conducted, with test results indicating that the risk of phishing is not reducing via current initiatives," Mr Thomas said.