Perpetrators of a $2.3 million fraud against Peterborough taxpayers over the summer initiated the criminal enterprise by compromising the email of one town employee, according to a timeline prepared by local officials.
While simple human failure to follow established procedures allowed the scam to succeed, aspects of the theft do appear complex, including circumventing bank controls intended to prevent people from fraudulently setting up accounts.
“April – The email account belonging to a Town of Peterborough finance staff person was compromised by a Bad Actor utilizing IP addresses from outside the U.S.,” states the timeline prepared for the September 21 Select Board meeting.
“The staff person was likely targeted by a phishing email or a zero-day exploit of the Microsoft 365 platform which occurred last winter.”
The town has not identified the staff member who was targeted.
Finance Director Leo Smith, who took his…