Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Fraudster Stole Millions From Baltimore

September 1, 2025
Reading Time: 3 mins read
in Incidents
MathWorks Confirms Cyberattack Data Stolen

A sophisticated scammer exploited vulnerabilities within Baltimore’s Department of Accounts Payable (AP) to steal more than $1.5 million, marking the third such incident in the city since 2019. By posing as a legitimate vendor, the fraudster manipulated city staff into redirecting two large payments—totaling $1,524,621.04—into a fraudulent bank account. This incident serves as a stark reminder of the financial risks posed by weak internal controls and a failure to implement robust fraud prevention protocols.

The scheme began in December 2024 when the fraudster, using a spoofed email, gained access to the vendor’s Workday account. Posing as an employee of the vendor, the scammer submitted a fraudulent supplier form to the city’s AP department. An AP employee, without proper verification, approved the form despite having incorrect details. This initial breach set the stage for the rest of the scam. Over the next month, the fraudster repeatedly attempted to change the vendor’s bank details, even submitting a fake voided check in a persistent effort to reroute payments.

The scam culminated in February and March 2025 with two successful fraudulent payments. The first payment of $803,384.44 and a second one for $721,236.60 were both completed via Electronic Funds Transfer (EFT) to the scammer’s account. This was only possible because a second set of AP employees approved the fraudulent bank change request without verifying the accompanying documentation. While the city was able to recover the smaller payment, the larger one remains unrecovered, forcing the city to file an insurance claim and re-issue the payments to the legitimate vendor.

According to Inspector General Isabel Mercedes Cumming, the primary cause of this fraud was the accounts payable department’s systemic lack of safeguards. The investigation revealed a critical failure to verify supplier information and a broader pattern of neglecting to adopt corrective measures following prior fraud cases. This institutional oversight created an environment ripe for exploitation and left the city’s finances exposed to this type of attack.

This latest incident is part of a troubling trend. Baltimore has now been a victim of at least two other similar vendor scams: a $62,000 loss in 2019 and a $376,000 loss in 2022. All three cases involved a scammer tricking city staff into changing vendor bank details. The repeated nature of these attacks underscores the urgent need for the city to overhaul its financial security protocols and implement rigorous verification processes to prevent future financial losses.

Reference:

  • Fraudster Stole Over 1.5 Million Dollars From City Of Baltimore
Tags: cyber incidentsCyber Incidents 2025Cyber threatsSeptember 2025
ADVERTISEMENT

Related Posts

Cyberattack Hits Europe Airport Systems

Cyberattack Hits Europe Airport Systems

September 22, 2025
Cyberattack Hits Europe Airport Systems

Ransomware Gang Hacks Spartanburg County

September 22, 2025
Cyberattack Hits Europe Airport Systems

Steam Game Steals Streamer Donations

September 22, 2025
Russian Hackers Hit Polish Hospitals

Russian Hackers Hit Polish Hospitals

September 19, 2025
Russian Hackers Hit Polish Hospitals

New York Blood Center Data Breach

September 19, 2025
Russian Hackers Hit Polish Hospitals

Tiffany Data Breach Hits Thousands

September 19, 2025

Latest Alerts

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Steganography Cloud C2 In Modular Chain

Fake Empire Targets Crypto With AMOS

SEO Poisoning Hits Chinese Users

Subscribe to our newsletter

    Latest Incidents

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    Russian Hackers Hit Polish Hospitals

    New York Blood Center Data Breach

    Tiffany Data Breach Hits Thousands

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial