Nassau County has recovered $710,000 paid out of the comptroller's office to scammers pretending to be a county vendor, Nassau police announced Friday.
The recovery of the taxpayer funds was a joint effort involving financial crimes police, Nassau County district attorney investigators, the comptroller's office and the county treasurer, Nassau Police Commissioner Patrick Ryder said at a news conference.
“Many times we talk about the scams on our elderly, how they can get fooled, but government can become a victim too,” Ryder said. “If it weren’t for the coordinated effort and initial contact from the comptroller’s office, the money may not have been recovered because it moves quickly.”
Comptroller officials contacted police on Oct. 25 to report that they had been targeted by an organization pretending to be an existing county vendor, Ryder said.
This is a take off on the snow plow scam we described in the past. It’s the same idea – bill a large organization fraudulently and hope you get paid.
Here is a summary of what happened in this case:
- Scammers pretended to be a known county vendor.
- The supposed vendor said they were due payment to a new account. The scammers filled out all the necessary paperwork designed to prevent theft and offered a fraudulent check as evidence of the new account.
- The county’s comptroller office paid a $710,000 invoice to the fraudsters in October 2019.
- The comptroller officials contacted police on October 25 when they discovered the invoice fraudsters were not the legitimate, known vendor.
- The money was redirected to an elderly woman’s account in Seattle and then redirected to several different accounts, which were identified and frozen by investigators to seize the funds.
- The recovery of the taxpayer funds was a joint effort involving financial crimes police, Nassau County district attorney investigators, the comptroller’s office and the county treasurer.
- No arrests have been made. Police identified three other municipalities, which were not named, that also were targeted.
- The phishing scheme targeted as many entities as possible around the country hoping for someone to fall prey to the plot.
The FBI has warned about business email scams in the past. We reported on this in 2016.
There is no way to be 100% protected – there are however many precautions all companies and organizations should take immediately. If you are protecting an industrial control system, this article has five steps worth considering.
Everyone should follow these steps:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phish360 is great and costs nothing to get started. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.