Phishing scam costs Wisconsin GOP $2.3 million

The Republican Party of Wisconsin recently confirmed that fraudsters used phishing emails and doctored invoices to steal $2.3 million earmarked for President Donald Trump's reelection campaign.

According to a statement posted Thursday, the Republican political organization, which is operating in a battleground state for next week's presidential election, discovered on October 22 that it had been victimized by a phishing attack. "On Friday morning, October 23rd, we notified the FBI that as a result of this cyberattack, hackers obtained $2.3 million through doctored invoices under the name of WisGOP vendors," said the organization.

The Republican Party of Wisconsin noted that there isn't any evidence that hackers acquired any proprietary information.

Commenting on the news, Tom Pendergast, Chief Learning Officer at MediaPro, a Seattle, Washington-based provider of cybersecurity and privacy education, say, “We must remember as this story unfolds that this is not a partisan issue. Now, it may be partisan in that the cybercriminals behind this attack may prefer one party over the other (though it’s not clear which party is advantaged here). And we can be sure it will get twisted to partisan ends."

He adds, "However, the way we respond to it should NOT be partisan. Making voting and email and digital transactions and the internet safe for everyone should be an issue we can all get behind. No one gains from cybercrime and no one gains from election fraud, if what we ultimately care about is a stable democracy.”

Alex Saric, CMO of Ivalua, a Redwood City, Calif.-based global spend management cloud provider, explains that while this scam may look sophisticated, this is fairly simple and reflects the vulnerability of any organization that hasn’t digitized their spend management processes.

He says, "Invoicing is an area ripe for fraudsters and cybercriminals, who know employees may not always question their validity, particularly if they look convincing. Digitalization can play a vital role in preventing this. By digitizing the entire source-to-pay process, organizations can automate the process of matching contracts and invoices against orders and vendor details, eliminating the potential for fraud. Any discrepancies can be easily flagged for review prior to payment. This is a key benefit of implementing fully integrated suites with a unified data model. This also allows organizations to automate the entire process, helping save time, and in this instance, prevent money getting into the wrong hands.”

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.