Hackers using a “fairly simple” invoice scam have stolen $2.3m from the Wisconsin Republican Party.
The money was stolen from an account that was used to support Donald Trump’s re-election campaign after the attacker was able to change invoices and commit wire fraud, with invoices doctored so that money went to attackers rather than the intended vendors.
In a statement, Wisconsin Republican Party Chairman Andrew Hitt said that the attack, which was discovered on 22 October, was the result of a “sophisticated phishing attack” and that there was no evidence the hacker obtained “any proprietary information”.
Hitt also said that the “criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime”.
The party said it had informed the FBI of the attack, and it is now “working closely with the FBI while they conduct their investigation”.
Alex Saric at procurement software maker Ivalua said that the attack itself was “fairly simple” to carry out.
“While this scam may look sophisticated, this is fairly simple and reflects the vulnerability of any organisation that hasn’t digitised their spend management processes,” he said.
“Invoicing is an area ripe for fraudsters and cybercriminals, who know employees may not always question their validity, particularly if they look convincing. Digitalisation can play a vital role in preventing this. By digitising the entire source-to-pay process, organisations can automate the process of matching contracts and invoices against orders and vendor details, eliminating the potential for fraud.”
Earlier this month, Hall County in Georgia disclosed that it had been hit by a ransomware attack that could be the first of its kind this presidential election season.
Jake Moore, cybersecurity specialist at internet security firm ESET said that the current heightened tensions in US politics may make it easier for hackers to carry out attacks:
“Tensions are extremely high amongst political parties in the USA which bodes well for threat actors as those involved may let their guard down and make mistakes. Low-level attacks can often have the most financial return and once one invoice is viewed, multiples can be duplicated easily with only the bank details changed.
“Hiding in plain sight, these attackers have simply mimicked a pre-authorised payment method which they knew would not be double-checked. This plays into the hands of the attackers, hence they got away with this for so long on so many invoices. This is likely to be occurring in other organisations too unless every invoice is verified at the time of each payment.”