The city of Fresno, California, lost more than $600,000 to a phishing scam in 2020, a loss that could have been avoided if Finance Department employees had followed city policy, a Fresno County grand jury report revealed on Thursday.
Construction began on a new police substation in southeast Fresno in April 2019, according to the report. The contractor requested to be paid by physical checks.
The Fresno Finance Department received an email in January 2020 from the perpetrator of the scam, who the city assumed was an employee of the construction company, requesting to receive payments through an automated clearing house transfer instead. In the following weeks, the department authorized two electronic payments to the perpetrator totaling $613,737.
The city learned about the scam when the construction company threatened to walk off the job over lack of payment, the San Joaquin Valley Sun reported.
Investigations later revealed that the perpetrators of the scam were part of an international organized crime ring.
“At no time did the perpetrators submit fraudulent invoices,” the report said. “It appears they simply scoured the internet for large construction contracts being awarded by local governments. Using real data gleaned from the City Council agendas and minutes, they were able to identify this particular contract, used what information was publicly available, and initiated a successful phishing scheme on unsuspecting city employees.”
The report revealed city staff failed to pick up on the fraud despite numerous signs. The fraudulent email addresses ended in “.us,” while the contractor’s had ended in “.com,” and the scammers gave multiple bank account numbers across different states.
“This, too, did not alert city staff to the fraud,” according to the report.
The grand jury found that Finance Department employees had failed to follow policies that would have prevented the fraud. The staff had not authenticated the automated clearing house form to ensure that the “form submitted by the vendor [was] actually from the vendor of record.”
They had also neglected to have a different staff member review the transfer, a step that was required for all “large disbursements.”
The grand jury wrote that the electronic payment procedure was “largely unwritten at the time of the incident.”
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
“Training for the handling of these important money transfers was conducted verbally, and it appears that not all Finance Department employees were properly trained,” the report read.
“Without strict observation and enforcement of new and existing internal controls,” it added, “there is a high probability of similar losses in the future.”