Phishing scams are nothing new, so you’d normally expect fewer people to fall for these, especially if they work for a government organization.

And yet, somehow the Puerto Rico government ended up transferring no less than $2.6 million to a fake account after someone was tricked into believing a bank account used for remittance payments changed.

The government said the money transfer was made on January 17 but was only discovered this week. No details have been shared on how exactly they figured out the money was transferred to a fraudulent account, but local officials say they have already reached out to the FBI and an investigation is under way.

Furthermore, government representatives claim they are trying to recover the money, albeit it’s not clear at this point if this is indeed possible.

“This is a very serious situation, extremely serious. We want it to be investigated until the last consequences,” Puerto Rico finance director of Industrial Development Company, Rubén Rivera, told AP.

Phishing attacks still a widespread threat

Phishing attacks themselves have evolved a lot lately and still represent one of the tactics most often used by cybercriminals against a wide variety of targets, but most prominently organizations and government agencies.

A report from security company Proofpoint reveals that in 2019 no less than 65 percent of the US organizations experienced a successful phishing attack. Most often, organizations suffer loss of data and compromised credentials, but in other cases, the phishing attacks end with ransomware infections. Approximately 35 percent of the organizations suffer a financial loss due to a phishing scam, the report adds.

“Phishing is a many-headed beast. The impacts and costs associated with successful attacks are significant and damaging. Cyber criminals are working overtime to perfect their techniques and get to your people,” Proofpoint explains, warning that phishing attacks will become more sophisticated in the coming years.