The town of Erie in Colorado has been duped by a business email compromise (BEC) scam. A payment of $1.01 million intended for the construction firm contracted to build the Erie Parkway bridge was sent to a bank account controlled by the scammers.
In contrast to most BEC scams that are conducted via email, this scam was performed via the town’s website. A form on the website was used to make a change to the payment method for SEMA Construction in October 2018.
SEMA Construction had been due to receive payment by check, but the scammers requested the payment be made by electronic bank transfer and provided bank account details for the payment. Town officials verified the information on the form for accuracy prior to making the change and issuing payment, but crucially, SEMA Construction was not contacted to verify the authenticity of the request. The failure of the member of staff to perform that important check, which was in violation of new guidelines for payments, resulted in a $1.01 million loss. The employee in question resigned when the fraud was discovered.
The bank account supplied by the attackers was based in the United States, but as soon as the money hit the account on October 25, 2018 the funds were sent via wire transfer outside the United States.
The scam came to light on November 5, 2018 when Erie officials were notified by the bank that a fraudulent transaction may have been performed. The town contacted SEMA Construction which confirmed that a change to its payment method had not been requested.
Several steps have now been taken by the town to improve protections against fraud. The website form has been removed, and electronic bank transfers were temporarily suspended pending improvements to security.
The town has created two new positions and is currently attempting to recruit an accounting manager and a finance manager. Those individuals will be responsible for overseeing the towns financial operations. The town has also recruited a risk manager, which is now a full time rather than part time position.
Erie Town Administrator Malcolm Fleming told the Denver Press, “These additional positions will provide additional support, oversight, segregation of duties and management of the town’s financial operations, which have expanded significantly in magnitude and complexity as the town has grown in population.”
Town officials are working with local law enforcement and the FBI and attempts are being made to recover the stolen funds. The town is covered by an insurance policy and has made a claim for the stolen funds.
BEC scams are on the increase. Figures from the FBI’s Internet Crimes Complaint Center (IC3) indicate $1.2 billion was lost to BEC scams in 2018. Some of the scams have resulted in huge losses. In September, Toyota Group lost $37 million to a BEC scam and the media firm Nikkei lost approximately $29 million in September.