SEMINOLE COUNTY, Fla. – Seminole County Public Schools, the Seminole County Sheriff’s Office, and the U.S. Secret Service are trying to find out what happened to more than $1 million of funds after the district fell victim to a scam.
A report News 6 obtained from the sheriff’s office shows a fraudulent email and header was received by district staff in December, and a $1.3 million dollar payment was made to a fraudulent account.
Recommended Videos
A spokesperson for SCPS declined to answer our questions Monday, citing the ongoing investigation.
[EXCLUSIVE: Become a News 6 Insider (it’s FREE) | PINIT! Share your photos]
“Upon discovery of an error, SCPS immediately took action and continues to work closely with law enforcement to address this incident. This is an ongoing investigation, and as such, no further details are available to be shared at this time,” Katherine Crnkovich APR, CPRC Communications Officer Office of Communications said via email.
News 6 also reached out to Superintendent Serita Beamon to ask when she was made aware of this incident and what impact it will have on the district’s finances. We received the same email response.
The report from the sheriff’s office is heavily redacted, but it does show the fraudulent email was received by staff in mid-December. The incident was reported to law enforcement on January 2.
SCSO’s Financial Crimes Task Force is now working the case, along with the U.S. Secret Service which is the primary investigative agency.
News 6 met with Jamie Krygowski, an assistant to the special agent in charge with the U.S. Secret Service, at the Orlando field office Monday. She declined to share specifics about the case but did say the Secret Service can share information about these types of crimes.
“The Secret Service cannot comment on ongoing investigations,” Krygowski said. “However, I can say we have successfully worked with Seminole County on this investigation which is a testimony to our partnership with them.”
The internet makes it easy for scammers to target people both personally and professionally. Business Email Compromise (BEC) schemes target businesses that use wire transfers as a form of payment, according to the Secret Service.
Erik Greene, a Network Intrusion Forensic Analyst with the U.S. Secret Service in Orlando says people typically fall for these scams because they are so convincing.
“You’re getting something from the email from a company that you directly work with, and these scammers are switching just one letter in this email domain, and you might not even notice it,” said Greene.
A scammer may send an email message that appears to come from a trusted source or someone you know and make a request that seems legitimate.
The FBI offers the following examples:
- A vendor your company regularly deals with sends an invoice asking to update information.
- A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
- A homebuyer receives a message from his title company with instructions on how to wire his down payment.
Although Seminole County Public Schools, the Seminole County Sheriff’s Office, and Secret Service are not sharing much information about their case, the report from SCSO shows the email was received by a staff member who is listed as an employee in the finance and budget office. Specifically, the district’s website shows this employee’s position is within the Accounts Payable Department, which typically handles vendor invoices.
Last year, Flagler County Schools also lost $700,000 to scammers when funds were sent to a fraudulent vendor bank account.
News 6 learned from Sheriff Rick Staly that the money was supposed to go towards the Matanzas High School expansion project.
“It was discovered because the contractor was looking for payment. The district said they had sent the payment, but the contractor never received it,” Sheriff Staly said.
The sheriff said it was unlikely the money would be recovered.
Data from the Federal Trade Commission shows a reported $10 billion lost due to fraud in 2023, and more money was lost to bank transfers and crypto currency than all other methods combined.
Greene shared with News 6 numbers regard BEC scams, which include over $3 billion in losses last year. It marks a 50% increase over reported losses in 2022, according to the secret service.
“If you’re working with these companies where you do owe money or something like that where you would be convinced to wire funds like this, just be sure to verify these accounts,” said Greene.
The U.S. Secret Service offers the following advice:
- Register all similar domain names that can be used for spoofing attacks.
- Create rules that flag and delineate emails received from unknown domains.
- Monitor and/or restrict the creation of new email rules within the email server environment.
- Enable multi-factor authentication
- Conduct BEC drills, similar to anti-phishing exercises.
- Educate employees, clients, and vendors to:
- Authenticate all financial transactions through dual-factor authentication.
- Confirm all payment method changes using trusted and authenticated information.
- Learn the habits of those with whom they conduct financial transactions.
WARNING SIGNS
- Urgency of Request: A request to transfer funds is sent with a pronounced sense of urgency.
- Different Domains: Email communication originates from unknown or spoofed domain.
- Out of Contact: Requestor is unreachable but insists on the urgency of the transfer.
- Language and Grammar: Syntax is different or erroneous.
- Multiple Emails: Multiple recipients receive emails requesting transfer of funds.
- Incorrect Context: Emails are not in the standard context normally encountered or for alternate business purposes while requesting a transfer of funds.
- Secrecy: Email sender requests that information about transfer be kept secret.
RESPONSE
- Time is money! An immediate response is crucial, funds are moved within minutes of a BEC incident.
- Contact your bank to reverse the wire, for hold harmless and indemnification.
- Contact local law enforcement to request a report, which is needed to reverse a wire.
- Contact a Secret Service field office Cyber Fraud Task Force
- Law enforcement can work with FinCEN to initiate Financial Fraud Kill Chain. .
- File a complaint with the Internet Crime Complaint Center (IC3).
- Review email systems for unauthorized access or rule creation.
- Conduct a cyber security analysis on your systems.
- Change all login credentials.