Virgin Islanders wait for more details on WAPA phishing email scam

WAPA is saying it fell victim to a phishing scheme that resulted in the loss of over 2 million dollars. 

The news broke last week during a senate hearing that $2.3 million of missing WAPA funds were sent to an offshore account.  

In a press release Friday, the Water and Power Authority said it had fallen victim of a Business Email Compromise.

That is an instance where a factious email appears authentic. 

This resulted in payments totaling $2.17 million being authorized and sent to an apparent legitimate vendor. 

It turned out to be a scam. 

Since the incidents, WAPA has provided overall cybersecurity training for its staff as well as training on recognizing phishing emails that can lead to such BEC scams, and revised its financial control procedures, they said in a statement.

“The training is recurring, and we use controlled phishing emails to test our employees ability to determine authentic from bogus emails,” said Executive Director Lawrence J. Kupfer.       

“While we can say very little until the federal investigation into the incidents is complete, I thought it prudent, in light of the Senate discussion this week, to reassure the community that while WAPA was victimized by the BEC incidents, we have taken all advisable security measures to ensure an incident of this nature does not recur,” Kupfer continued.

He added, “equally as important, WAPA’s networks, customer information, computer systems, or its overall digital infrastructure were not compromised.”

The FBI is currently investigating this crime. 

We reached out to WAPA for comment and are still waiting for a response.