Business email compromise (BEC) scams are siphoning millions from US local governments, and fraudsters are only getting smarter. Cybercriminals impersonate vendors, officials, and even government employees to divert taxpayer funds straight into their own pockets. If you think your city or county is immune, think again—these jaw-dropping cases prove otherwise.
Here’s how hackers tricked officials into handing over millions.
Arlington officials fell prey to a sophisticated cybercrime operation. Criminals compromised an official email account and sent convincingly real wire transfer instructions to city staff. Before anyone realized what had happened, the funds had been rerouted into fraudulent accounts. Officials are now working with law enforcement to tighten their security protocols.
Lexington’s finance team wired $4 million to a fraudster after receiving fake payment instructions. The scam only came to light when the intended recipient flagged the missing funds. While the city managed to recover part of the money, the breach exposed gaps in its verification process, leading to stricter protocols.
A fraudulent vendor payment scheme tricked Mississippi officials into wiring $2.7 million to criminals posing as a legitimate contractor. The scam exploited weak internal verification processes, prompting the county to ramp up employee training and security reviews.
Scammers manipulated email conversations to impersonate a trusted contractor, convincing officials in Peterborough to send $2.3 million meant for a school and bridge project to fraudulent accounts. Despite efforts to recover the funds, the money was never retrieved, leaving taxpayers to foot the bill. Read more on the fraudulent payment request.
Cabarrus County transferred $1.7 million to fraudsters posing as a known vendor. Attackers altered bank details in official invoices and sent them via compromised email accounts. By the time authorities realized what had happened, most of the money was gone.
City officials in Blaine mistakenly wired $1 million to BEC scammers who impersonated a vendor. The fraudsters gained access to email conversations, changed payment instructions, and convinced staff to process the transfer. The city later admitted it lacked cyber insurance to cover the loss.
Portland fell victim to a BEC attack that allowed scammers to redirect a city payment to their own account. Officials have not disclosed the exact amount lost, but the incident forced them to implement stricter authentication protocols to prevent future breaches.
Officials in Fort Lauderdale transferred funds to fraudsters after falling for a phishing email. The city ultimately recovered $1.2 million, but the attack exposed significant security vulnerabilities, leading to new phishing awareness training and fraud detection investments.
Cybercriminals targeted a Minnesota city’s sewage project, tricking officials into wiring $1 million to fraudulent accounts. The attack took advantage of weak internal controls, prompting a city-wide review of vendor verification procedures.
Eagle Mountain officials were caught in a cyber scam that drained $1 million from city accounts. Fraudsters leveraged sophisticated email impersonation techniques to alter financial transactions. The city is now collaborating with cybersecurity experts to prevent future incidents.
Only 13% of finance leaders feel fully prepared for AI-powered cyberattacks. Discover where the real risks lie—and how to close the defense gap fast.
AI voice scams are targeting finance teams—using deepfake tech to mimic executives and authorise payments. Learn how they work—and how to stop them.
Discover 14 real-world AI-driven tax scams targeting US finance teams this season—what they look like, how they work, and how to stop them in action.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
