Sen. Jerry Moran’s (R-Kan.) reelection campaign was a victim of deceit by a cybercriminal for the amount of $690,000, his office announced on Monday.
The Kansas Senator’s campaign treasurer, Timothy Gottschalk, notified the Federal Election Commission (FEC) of “fraudulent activity by a third-party cybercriminal” with a letter on Dec. 8, 2022.
The letter says that two wire transfers were made for fraudulent invoices of $345,000 each, to SRCP Media, Inc., a Washington-area advertising company hired by Moran’s campaign. An amount of about $168,000 was recovered after being found in another bank.
Moran’s campaign had reported the alleged crime to the local sheriff’s office on Nov. 16, 2022, eight days after the general election. It was then forwarded to the FBI and the Kansas Bureau of Investigation.
The letter says that the investigation is ongoing.
The FBI does not confirm or deny the existence of an investigation, said Bridget Patton, its spokesperson in Kansas City, Missouri.
Moran won his third six-year term in the Senate in November 2022 with 60 percent of the vote against Democrat Mark Holland, a former Kansas City, Kansas, mayor. His reelection campaign raised more than $7.3 million and spent more than $5.1 million through Nov. 28, 2022, according to a finance report it filed with the FEC, also on Dec. 8, 2022.
According to data from the FBI’s Internet Crime Complaint Center, from 2017 to 2021 there were 2.76 million complaints about cybercrime from the American public and a total loss of $18.7 billion.
This is an average of 2,300 complaints received daily.
Phishing (impersonation of a legitimate partner or website) was by far the most common type of fraud committed in 2021 and from 2017 to 2021. It was followed by extortion and personal data breaches. The most victimized age group was people over 60.
The email account compromisation attacks accumulated a loss of over $2 billion in 2021.
There was also a 7 percent increase in cybercrime from 2020 to 2021.
According to the FBI’s website, identity theft and email account compromisation attempts for fake financial transactions are methods targeting companies and financial managers, as was probably in Moran’s case. In this type of attack, a perpetrator uses a slightly different email address or hacks into the victim’s email server to find and then impersonate a legitimate partner. If the deception goes undetected, he then asks for a transaction to a bank account controlled by the perpetrator.
Another method a perpetrator might use is malware—malevolent software—that can take hold of the victim’s computer if the victim opens or downloads an attachment from a fake email, or if the perpetrator hacks into the victim’s network and installs the malware directly. The malware can then have access to billing details or emails. The malware can also disable a computer or computer network and then ask for “ransom” money.
Ways to protect against such attacks are to learn the signs of a spearphishing or spoofing (impersonation) attempt, such as differentiating between fake and legitimate websites, by checking their URL and any design flaws or differences with the actual one. Check email addresses carefully, for the same reason.
One should never open an email attachment from an unknown person, and speaking with the company directly when a transaction is requested is recommended. Also, checking the phone number of the company independently and not calling it through the number an email provides is important. If a scam attempt is underway, the perpetrator will send a fake phone number via email so as to impersonate a company asking for a transaction.
Installing anti-malware software, which identifies malware and neutralizes it, can also be a good idea, but one should be aware that many free-to-download ones are themselves malware.
The Associated Press contributed to this report.