NORFOLK, Va. - The Norfolk Airport Authority faced a security breach back in March. They called the FBI, VSP, and police after realizing that almost $400,000 was put into a suspected fraudster’s account, according to a search warrant.
It started when the Avis Car Rental received a fraudulent email from the bad actors posing as the Norfolk Airport Authority asking Avis to stop future payments to the current account and send the money to a new wire transfer account.
It states, “The email contained spelling, punctuation, and other errors that were not consistent with other emails that were known to have been written” by the Norfolk Airport Authority.
After a few weeks, the Norfolk Airport Authority told Avis the funds they were owed were not in the account which is when the breach was then discovered.
It states five payments of $389,000 were made into the bad actor's account and the FBI contacted the bank to freeze the account.
Response from Norfolk Airport Authority: Upon discovering the incident, we immediately began working with federal and state law enforcement. Their investigation into this matter is ongoing. NAA is cooperating with the authorities to bring these criminals to justice and we cannot comment further on their ongoing investigations.
The Norfolk Airport Authority also engaged leading cybersecurity forensic experts, who confirmed that NAA systems were secure and that no personal nor payment information was compromised. The Authority takes cybersecurity extremely seriously and we are continuing to improve our security posture. We are committed to ensuring the ongoing security of our operations.
We reached out to Virginia State Police. They said this was an active and ongoing investigation and they could not provide any more information about the details of the case, but did provide the following information for the public to protect them from falling victim to these types of schemes.
1. Verify the email address. Do not merely look at the name associated with the email, but look at the entire email address to check the username and domain to see if it looks suspicious or follows email address protocols consistent with one's employer.
2. If the email address cannot be verified, or if the email address is a known email but the request being made is suspect, the intended victim should contact by phone or in person the individual or department the email reports to be from to confirm the authenticity of the email and the request being made. If contacting the individual via telephone, call a number reported in your organization's directory, not a phone number provided in the suspect email.
3. Be vigilant in proofreading emails received that contain unusual requests. The emails frequently contain spelling, capitalization, grammatical errors, and/or phrases that are unusual or not to be expected in a professional environment. Also, be mindful of any organization logos or contact information contained in the emails. Some are readily identifiable as not being official.
4. Never provide personal information or login credentials via email or over the phone. Do not click suspicious or unknown links contained in emails.
5. In the event you suspect you have been the victim of a scam or were the intended victim of a scam, contact the appropriate personnel within your organization. This can help expedite remediation of the issue, or in the event the scam was recognized by the intended victim, raise awareness to others in the organization in the event they become intended victims of the same scam.