Skip to main content
Clear icon
47º

Most of $1.3M stolen in Seminole schools phishing case to be recovered, superintendent says

Cybersecurity incident happened in December, sheriff’s office says

Seminole Schools Superintendent Serita Beamon speaks to reporters. (Copyright 2024 by WKMG ClickOrlando - All rights reserved.)

SANFORD, Fla. – Seminole County Public Schools is in the process of getting much of the $1.3 million stolen last December by cybersecurity scammers will be recovered, according to the district’s superintendent.

Superintendent Serita Beamon provided the update during the district’s State of the School event on Monday.

Recommended Videos



In March, News 6 obtained a Seminole County Sheriff’s Office report that showed a fraudulent email and header sent to district staff last December. Subsequently, $1.3 million in school funds was sent to a fraudulent account, the report said. The report was heavily redacted and the school district has not provided any other information on how this happened. The incident was reported to the sheriff’s office in January.

Since then, the sheriff’s office has been working on the case with the U.S. Secret Service, which is the primary investigative agency.

[EXCLUSIVE: Become a News 6 Insider (it’s FREE) | PINIT! Share your photos]

“We can’t talk in detail because it’s an ongoing criminal investigation,” Beamon said Monday. “But our local law enforcement have worked with federal enforcement. We are already in the process of recovering upwards of 99% of funds taken. It’s a detailed process.”

An analyst with the U.S. Secret Service explained to News 6′s Catherine Silver back in March how people typically fall for scams like this one.

“You’re getting something from the email from a company that you directly work with, and these scammers are switching just one letter in this email domain, and you might not even notice it,” said Network Intrusion Forensic Analyst Erik Greene.

A scammer may send an email message that appears to come from a trusted source or someone you know and make a request that seems legitimate.

The U.S. Secret Service offers the following advice for businesses to avoid getting scammed:

  • Register all similar domain names that can be used for spoofing attacks.
  • Create rules that flag and delineate emails received from unknown domains.
  • Monitor and/or restrict the creation of new email rules within the email server environment.
  • Enable multi-factor authentication
  • Conduct BEC drills, similar to anti-phishing exercises.
  • Educate employees, clients, and vendors to:
    • Authenticate all financial transactions through dual-factor authentication.
    • Confirm all payment method changes using trusted and authenticated information.
    • Learn the habits of those with whom they conduct financial transactions.

WARNING SIGNS

  • Urgency of Request: A request to transfer funds is sent with a pronounced sense of urgency.
  • Different Domains: Email communication originates from unknown or spoofed domain.
  • Out of Contact: Requestor is unreachable but insists on the urgency of the transfer.
  • Language and Grammar: Syntax is different or erroneous.
  • Multiple Emails: Multiple recipients receive emails requesting transfer of funds.
  • Incorrect Context: Emails are not in the standard context normally encountered or for alternate business purposes while requesting a transfer of funds.
  • Secrecy: Email sender requests that information about transfer be kept secret.

RESPONSE

  • Time is money! An immediate response is crucial, funds are moved within minutes of a BEC incident.
  • Contact your bank to reverse the wire, for hold harmless and indemnification.
  • Contact local law enforcement to request a report, which is needed to reverse a wire.
  • Contact a Secret Service field office Cyber Fraud Task Force
  • Law enforcement can work with FinCEN to initiate Financial Fraud Kill Chain.
  • File a complaint with the Internet Crime Complaint Center (IC3).
  • Review email systems for unauthorized access or rule creation.
  • Conduct a cyber security analysis on your systems.
  • Change all login credentials.

Get today’s headlines in minutes with Your Florida Daily: