Internet Crime Complaint Center

Surfside Beach and the Continuing Threat of Business Email Compromise

Standard

According to news reports, the town of Surfside Beach may be one of the latest victims of a business email compromise-type fraud attack. Unfortunately, early reports suggest that the town may have lost over half a million dollars to scammers. South Carolina’s State Law Enforcement Division is actively investigating this incident, so the information we have is limited and unproven, but if true this amount would represent a loss of funds equal to approximately 2.6% of the town’s 2025-2026 budget.

Wildcat Construction was engaged by the town to do some work on its public utilities, and one of its bills, in the amount of $545,598.30, was due for payment. On March 13, 2026, the town indicates it initiated an ACH payment to what they thought was an account belonging to Wildcat, but Wildcat says that it has no such account and that it had requested payment by check. The town released a public statement in which it acknowledged it had “identified a potential cybersecurity incident involving its email environment,” and reported the incident to law enforcement. Details about what exactly may have happened internally at the town level are pretty scant. While SLED is investigating, Wildcat maintains that it has not received the funds, and that it is still entitled to be paid. It is easy to imagine how a scammer might have sent a “spoofed” email to a Town employee, pretending to be an accounts receivable clerk for Wildcat, with a fake set of payment instructions for the Wildcat invoice. The same type of “spoof” attack happens all too often in real estate deals where the closing attorney is gathering invoices and payment instructions. If the Town employee failed to properly verify those payment instructions, then just like the danger of wire fraud in a real estate transaction, the funds could have been sent to a fraudster instead of the correct party.

Data published by the FBI’s Internet Crime Complaint Center, which tracks and reports cyber-crime involving US interests, indicates that both the number of cyber-crimes against, and the amount of property lost by, Americans continues to skyrocket. The IC3 reports that in 2025, it received a total 1,008,597 of cyber-crime complaints for all types of cyber-crime, and it tracked over $20.8 Billion in total losses related to cyber-crimes. The clear indication here is that cyber-criminals are increasing their attacks on our businesses, and are succeeding in stealing more of our money.  

This incident is yet another example highlighting the importance of verifying payment instructions with a known, trusted contact. That includes not only the routing/account numbers, but also the form of payment. In this example, Wildcat says it told Surfside they wanted a check, but the payment was made via ACH to an account that Wildcat says it did not provide to the Town.

While the “worst case scenario” impact on Surfside Beach, even if these funds are permanently lost, looks like it would be below 3% of the town’s overall annual budget, the risk to South Carolina lawyers of wire fraud and business email compromise is potentially much more dire. For a small or solo real estate-focused law firm whose annual fee revenues might be closer to the $1,000,000.00-mark, loss of funds for a mortgage payoff could be much higher as a percentage of the firm’s budget. If we assume that a typical mortgage payoff for a SC home might be around $250,000.00, then it’s easy to see how that amount, when targeted by fraudsters, could be a devastating loss for a small firm. And, while this particular example was not a real estate law firm, it demonstrates that the fraudsters are out there actively targeting anyone they think they can, and that no one is immune to their attacks.

Stay vigilant out there, folks!

Ransomware: A Scary Prospect for Dirt Lawyers

Standard

The Cyberdivision of the FBI is serious about ransomware!  An FBI speaker last Friday at the SC Bar’s excellent tech seminar, an annual seminar I highly recommend for solo and small firm lawyers, emphasized awareness and employee training are critical to prevent data losses in your operation.

Ransomware is a form of malware that is most often delivered through spear phishing e-mails. Spear phishing is a type of e-mail fraud that seeks unauthorized access to confidential data. Ransomware is what it sounds like. Once the fraudster gains access, your system is locked down, and money is demanded to provide access. You have to pay for your own data!

hacker

“H4ck3rz R Us, how can I help you?”

The FBI recommends prevention, business continuity and remediation, but suggests that there is no guarantee of prevention even with the most robust controls in place. Methods of prevention include:

  • Provide extensive awareness and training for your staff.
  • Use strong anti-virus and anti-malware solutions that are set up to update automatically.
  • Regular scans should be conducted of the anti-virus and anti-malware solutions.
  • No user should be assigned administrative access unless that access is absolutely needed.
  • Those with administrative accounts should only use them when necessary.
  • Keep access to a minimum. If a user only needs specific files, he or she should not have access to other files.
  • Ask your IT professionals to implement controls to avoid common ransomware techniques.

But since prevention is not guaranteed, the most attention should be paid to business continuity and remediation. In short, back up your data regularly and regularly verify the integrity of the backups.  Secure backups. Ensure backups are not connected to the computers and networks they are backing up.

The FBI does not endorse paying a ransom to the fraudsters and teaches that paying the ransom does not always ensure regaining access to data.

The FBI encourages victims to contact a local FBI office immediately to report a ransomware attempt and to request assistance. Victims are also encouraged to report cyber events to the FBI’s Internet Crime Complaint Center (www.ic3.gov.)

Be Vigilant to Prevent “Business E-mail Compromise” Scams

Standard

fraud alertWire fraud is on the rise! Train your staff!

United States business e-mail accounts are under attack by sophisticated fraudsters.

The FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC) and the United States Secret Service issued a financial services bulletin on June 19 warning against increasing wire transfer fraud against U.S. businesses referred to as “Business E-mail Compromise” (BEC) scams.

The bulletin warned that BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts for the purpose of conducting unauthorized wire transfers.  Many compromised accounts belong to business CEOs or CFOs. The funds are primarily sent to Asia, but funds involved in these schemes have been diverted to locations around the globe.

BEC fraud compromises e-mail accounts through phishing, social engineering or malware used to obtain the user’s password. Once an e-mail account is compromised, fraudsters begin accessing and reviewing e-mails, including meeting and calendar information, contacts lists, and information concerning business partners, vendors and customers.

This activity enables the fraudsters to interject themselves into normal business communications masquerading as the person whose account was compromised. This reconnaissance stage lasts until the actor feel comfortable enough to send wire transfer instructions using either the victim’s e-mail or a spoofed e-mail account.   E-mails are typically sent to an employee with the ability to wire funds. A common tactic is to wait until the victim is away on legitimate business travel to send new wire instructions, making it more likely that individual would use e-mail to conduct business and making it more difficult to verify the transaction as fraudulent while the victim is in transit. The requests will sometimes state that the wire transfer is related to urgent or confidential business matters and must not be discussed with other company personnel.

Other incidents involve the compromise of a vendor or supplier’s e-mail account with the intention of modifying the bank account associated with that business. This scheme may also be labeled “vendor fraud” and often involves last minute changes of the bank and account number for future payments.

red-phoneThere is a relatively easy fix: all wire information received via e-mail should be verbally verified using established business telephone numbers.

Other suggestions to guard against this fraud are:

  1. Limit the number of employees with authority to handle wire transfers.
  2. Have a second employee designated as an approver for any wire transfer requests.
  3. Be careful opening attachments and clicking on links even if the e-mail appears to be from a legitimate source if you believe wire instructions may be included in the communication.
  4. Look out for e-mails that contain significant changes in grammar, sentence structure and spelling compared to previous communications.
  5. Look out for suspicious communications particularly toward the end of the week or the end of a business day. The fraudsters will have more time to access and divert funds.
  6. Maintain a file, preferably in non-electronic form, of vendor contact information, including telephone numbers.
  7. Look out for “spoofed” e-mail addresses that are made to look like the real addresses. Fraudsters use tactics like character substitution, addition and omission to make e-mails addresses appear legitimate. Here are some examples using a Chicago Title address, richard.roe@chicagotitle.com
  • roe@chicag0title.com
  • roe@chicagotit1e.com
  • roe@chicagotitlee.com
  • roe@chicagottle.com
  • roe.chicagotitle@gmail.com
  • roa@chicagotitle.com
  1. Be wary of wire transfers to countries outside of normal trading patterns.

ic3 circleIncidents should be reported to local offices of the FBI or Secret Service or to:

Dirt lawyers, protect your businesses and your clients’ funds by following these critical guidelines!