Utah city loses over $1M to cyber-hack. Computer-security expert shares tips on how not to be a victim

SALT LAKE CITY — The city of Eagle Mountain said Monday it became the victim of a $1.13 million cyber-hack by an online impersonator posing as a vendor working with the city on an ongoing infrastructure project.

Eagle Mountain falls victim to $1.13 million cyber-hack

Earl Foote of Nexus IT joins KSL NewsRadio’s Dave Noriega and Debbie Dujanovic. He discusses what other cities can learn from this theft and what steps to take to prevent this from happening.

Foote said in these types of cyber-thefts, a hacker gains access to one side of an email account. Hackers spot announcements around projects from a city like Eagle Mountain and the vendors or the contractors involved. When criminals see the moment of a financial transaction, they impersonate someone on one end of the email exchange and change the ACH (Automated Clearing House) or wiring instructions for the payment.

The ACH network acts as the central clearing facility for all Electronic Fund Transfer (EFT) transactions in the United States, representing a crucial link in the national banking system, according to Tech Target.

How not be a victim 

Foote said in these types of financial transactions, do not rely on email or text. Also, he said, do not conduct the financial transaction on a Friday.

“Whether it’s your personal financial side or business of an organization, if there any changes made to wire transfer instructions or ACH instructions, call your conduct on the other side.

“Do not rely on text communication or email, call somebody and verify the details before you make a wire.

“Banks oftentimes will have 24 to 48 hours to reverse those transactions to get your money back, but hackers will usually strike late on a Friday, so the banks cannot recover the money,” Foote said.

Debbie noted that these crimes are not confined to just cities. Individuals or families buying a home and sending a large sum of money through a wire transfer to a title company can also fall victim to cyber-hackers and thieves.

“The scenario you have just outlined is extremely common today. In the last four or five years, we have been brought into several of those scenarios, specifically, around real estate down payments,” Foote said.

Watch for the signs of fraud, he advised. Check the email recipient’s address. Watch for language, verbiage and grammar in the email — especially right before a transaction — to make sure it matches the language and tone in the trusted person’s previous communications. 

“I still would never trust the information in a text format. When you’re dealing with a financial transaction, get on the phone, verify the information before you make a move,” Foote recommended.

Will insurance cover cyber-hack thefts?

“We hear this all the time when someone gets hit: ‘Oh, it’s all fine because we had insurance.’ Listen, you’re paying for it. Everybody’s paying for it. You’re either paying for it in increased premiums. . .. whatever it might be, trust me, that is not free money.”

Foote said cyber-crimes haven been increasing quickly — and are costly. But if the theft is avoidable, insurance companies may balk on paying the claims.

“When there’s negligent behavior, when a situation was preventable by taking a few basic measures, we’re seeing insurance carriers walk away from those, saying you don’t have a valid claim here,” Foote said.

Dave & Dujanovic can be heard weekdays from 9 a.m. to noon. on KSL NewsRadio. Users can find the show on the KSL NewsRadio website and app, as well as Apple Podcasts and Google Play.