How a City in Georgia Lost $1 Million to Phishing
Here’s the story of how a city in Georgia lost nearly $1 million in taxpayer money all due to a phishing cyber attack known as a “business email compromise (BEC)” scam.
In 2021, the city of East Point, Georgia, a suburb of Atlanta with approximately 38,000 residents, was the victim of cyber crime.
Cyber criminals successfully infiltrated city email addresses and accounts. The attackers spoofed and fooled city employees with compromised emails and official-looking invoices for “professional services”. The attackers then instructed the city’s finance and accounting departments to wire the funds to a new, fraudulent bank account controlled by the criminals, claiming it was for a legitimate vendor or service. The total amount requested across all of the fraudulent transactions was over $1.2 million.
What was the aftermath of this attack on the city of East Point, Georgia? Approximately $785,090 in taxpayer money was pilfered from the city of East Point before the cyber attack was detected and stopped.
Alarmingly, this attack was not publicly disclosed until 2023, when pressure for more transparency in city finances exposed odd accounting discrepancies and the city was finally forced to come clean about the cyber attack.
The BEC Cyber Attack
This kind of cyber attack is known as a Business Email Compromise attack, or BEC. It is a variation of a phishing or social engineering attack. It is deviously and deceptively simple. It is also “easy” to prevent.
What are the steps that could have prevented or mitigated the attack? Quite simply, training and protocols.
In the case of East Point, Georgia, what allowed the attack to be successful comes down to three main culprits:
- Lack of Internal Controls: An audit revealed that four invoices were approved by the East Point finance department, and the payments were wired out, but none of these invoices were recorded in the city’s main accounting system. This is a critical breakdown in financial and accounting controls and protocol, such as best practices requiring dual verification and system reconciliation for large wire transfers.
- Human Error: City employees processed the payments to the scammers, believing the email requests to be legitimate, and possibly under pressure from the scammers' urgency and the apparent authenticity of the compromised email accounts.
- Lack of Training: The ease with which the attackers were able to not only spoof identities but also get shepherded through the city staff and gain access to funds shows a complete lack of staff training, from phishing and cyber attacks to fundamental financial and accounting rules, regulations and laws. With proper protocol training, and regular anti-phishing training and drills, city employees would’ve been able to flag the attack earlier or somewhere along the line, before any taxpayer funds were siphoned off.
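The internal-controls failure described above (wires sent but never recorded in the accounting system, with no dual verification) is the kind of gap a routine reconciliation job catches. The following is an added example, not code from the city or the audit; the record layout, the `signed_by` field and the threshold are assumptions, and all data is constructed.

```python
from decimal import Decimal

# Constructed sample data: wires reported by the bank and entries booked in the
# accounting ledger. IDs, payees and amounts are invented for illustration.
BANK_WIRES = [
    {"wire_id": "W-1001", "payee": "ACCT-A", "amount": Decimal("18250.00"),
     "signed_by": ["alice", "bob"]},
    {"wire_id": "W-1002", "payee": "ACCT-B", "amount": Decimal("96000.00"),
     "signed_by": ["carol"]},
    {"wire_id": "W-1003", "payee": "ACCT-B", "amount": Decimal("4100.00"),
     "signed_by": ["carol", "carol"]},
]
LEDGER = [
    {"wire_id": "W-1001", "amount": Decimal("18250.00")},
    {"wire_id": "W-1003", "amount": Decimal("1400.00")},
]
DUAL_SIGNOFF_THRESHOLD = Decimal("10000.00")  # assumed policy value


def reconcile(wires, ledger, threshold=DUAL_SIGNOFF_THRESHOLD):
    """Return {wire_id: [findings]} for every wire that breaks a control."""
    booked = {entry["wire_id"]: entry["amount"] for entry in ledger}
    findings = {}
    for wire in wires:
        issues = []
        if wire["wire_id"] not in booked:
            issues.append("not recorded in ledger")
        elif booked[wire["wire_id"]] != wire["amount"]:
            issues.append("amount differs from ledger")
        # Count distinct people, so one person signing twice does not pass.
        if wire["amount"] >= threshold and len(set(wire["signed_by"])) < 2:
            issues.append("large wire without two distinct sign-offs")
        if issues:
            findings[wire["wire_id"]] = issues
    return findings


if __name__ == "__main__":
    for wire_id, issues in reconcile(BANK_WIRES, LEDGER).items():
        print(wire_id, "->", "; ".join(issues))
```

Run daily against the bank's outgoing-wire report, a check like this surfaces an unbooked payment within a day rather than at the next audit.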
If a city can so easily be fooled by a BEC phishing attack, how easy can it be to fool staffers in your business? Can your company afford to lose $1 million?
3 “Easy” Cybersecurity Preventative Solutions
Here are the “easy” steps for you to take to help make sure your business doesn’t make the same costly mistakes that the city of East Point, Georgia made.
#1: Training
Employees, whether public or private sector workers, need to be trained to recognize phishing attempts. Training with drills on phishing and cyber attacks is vitally important to ensure that employees recognize, react to and report phishing attempts. Failing the training and drills results in more mandatory training.
- Managed Security Awareness Training
- Phishing Simulation Campaigns
#2: Security Solutions
Email security and identity protection are crucial as a starting point. The East Point hack began because a criminal was able to gain access to a City email account, turning an external attacker into a trusted insider. Putting email security and identity protections in place is a critical first line cybersecurity defense:
- Multi-Factor Authentication (MFA): The single best ROI in cybersecurity. If an attacker accesses an employee’s account using stolen credentials or if an employee falls for a phishing scam and gives away their password, the criminal is locked out without the unique second factor (the phone code/app approval).
- Advanced Email Filtering & Threat Protection (ATP): Can stop the majority of attacks. Blocks malicious links and quarantines highly-suspicious emails before they ever reach an employee’s computer. It catches what basic spam filters miss.
- Email Domain Authentication (DMARC/SPF/DKIM): These protocols prevent impersonation. They prevent outsiders (and criminals) from “spoofing” your email domain to impersonate or trick your clients or employees. They let receiving mail servers check whether an email claiming to be from your domain was really sent by a server you authorized.
#3: Protocols
Your company’s cybersecurity can be enhanced by tightening IT policy and workflow into department streams. In the East Point case, the audit revealed the money was wired out without being logged in the accounting system, confirming a lack of proper financial controls. By tightening IT policies with workflows into department streams you can mitigate potential financial or big decision damages from BEC and phishing attacks.
- vCIO (virtual CIO): a virtual CIO is like having a fully experienced and knowledgeable CIO on your staff, but without the payroll. The vCIO will see where IT, cybersecurity and policy intersect, and draft clear policy such as requiring employees to pick up the phone and call a known number (not the one in the suspicious email) before making critical decisions or financial transactions.
- Role-Based Access Control (RBAC): Configure email systems to ensure that only a small, specific group of people can have the authority to initiate or approve critical decisions or high-value financial decisions.
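The callback rule and the role restriction above can be enforced in the payment workflow itself instead of being left to memory. The following is an added example, not a Welltec Defense or city system; the request fields, role sets and vendor data are assumptions and all values are constructed.

```python
# Constructed vendor master and role assignments; every name and number is invented.
VENDOR_MASTER = {
    "V-200": {"bank_account": "ACCT-ON-FILE", "phone_on_file": "+1-555-0100"},
}
WIRE_INITIATORS = {"frank", "dana"}   # RBAC: who may request a wire
WIRE_APPROVERS = {"dana", "erin"}     # RBAC: who may approve a wire


def release_decision(req, vendors=VENDOR_MASTER):
    """Return (allowed, reasons) for a wire request dict."""
    vendor = vendors.get(req["vendor_id"])
    if vendor is None:
        return False, ["vendor not in master file"]
    reasons = []
    if req["initiator"] not in WIRE_INITIATORS:
        reasons.append("initiator lacks wire role")
    # Dual control: an authorized approver who is not the initiator.
    independent = (set(req["approvers"]) & WIRE_APPROVERS) - {req["initiator"]}
    if not independent:
        reasons.append("no independent authorized approver")
    # New bank details are the BEC signature: require a confirmed call to the
    # number already on file, never the number supplied in the request.
    if req["bank_account"] != vendor["bank_account"]:
        call = req.get("callback") or {}
        if call.get("dialed") != vendor["phone_on_file"]:
            reasons.append("bank change not verified via number on file")
        elif not call.get("confirmed"):
            reasons.append("vendor did not confirm bank change")
    return (not reasons), reasons


if __name__ == "__main__":
    # Constructed request: new bank account, callback made to the emailed number.
    spoofed = {"vendor_id": "V-200", "bank_account": "ACCT-NEW",
               "initiator": "frank", "approvers": ["erin"],
               "callback": {"dialed": "+1-555-0199", "confirmed": True}}
    print(release_decision(spoofed))
```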
Let the costly lessons of East Point, Georgia be the motivation to invest in your cybersecurity. Put in security solutions to your systems, regiment training of your staff, and consult a vCIO to make sure your entire IT, cybersecurity and policy flows smoothly with as few security gaps as possible.
Welltec Defense has your cybersecurity and IT solutions, and as always, is ready to help you secure your business. Whether it is setting up monitoring, securing devices, or vCIO services, Welltec Defense is here for you.