ORLANDO, Fla. — A "phishing" scam targeted several Puerto Rican government agencies and tried to steal more than $4 million, according to authorities.

  • Hackers broke into agency system, sent emails
  • 2 Puerto Rican agencies fell for the scam
  • More than $4 million sent between 2 agencies

The scam began in December, when a hacker got into a computer at the Employee Retirement System and sent emails to other agencies that claimed there was a change in bank accounts, law enforcement officials told the Associated Press.

Two agencies fell for the scam: the Industrial Development Company, which sent more than $2.6 million, and the island's tourism company, which sent $1.5 million. The money apparently went to fraudulent accounts in the mainland U.S.

No other government agencies have reported a loss because of the scam, but it's thought that the hacker targeted more than $4 million in government funds.

But an official who was not authorized to comment on the case and requested anonymity said authorities were able to freeze at least $2.9 million.

The FBI is investigating.

Puerto Rico's agencies are just the latest government entities to have been targeted by internet crimes. In January, federal agents said several people were part of a scheme to steal money from the Sumter County School Board. Elsewhere, a phishing scam targeted the city of Ocala. The city admitted in October that it had been victimized, losing $700,000. Most of the money was eventually recovered. And in December, the FBI issued a warning regarding a wave of ransomware attacks that netted millions of dollars from Florida cities in 2019.

Carlos Perez, the principal at Perez Technology Group, a managed IT firm in Orlando, tells Spectrum News that scammers target government municpalitites because some have out-of-date security system which puts valuable information at risk.

"We’ve seen those places attack places like Ocala, Riviera Beach, and in those cases, those organizations had their systems completely locked down and held for ransom," Perez said. Government entities tend to be on tighter technology budgets, so they tend to not have the resources in many cases that a large corporation would have," Perez said.

"You will see them having technology that’s no longer supported by the manufacturers. If the manufacturers are no longer providing support and updating these systems frequently and those updates are not available, then these municipalities and these organizations are at risk from one day to the next."

Perez said businesses should be proactive, not reactive, meaning they should train employees and invest more in cybersecurity because in most cases, it's more expensive to repair the damage scammers cause than prevent it from happening.

Perez recommends these steps to not fall victim to hacking:

  • Use two-way authentication to prevent hacking — a simple password is not enough security.
  • Do not click on any links attached to suspicious emails.
  • Double check to make sure the email is actually from the sender. Hackers sometimes send emails from people you may know.
  • Always be suspicious of any message that requests money.