Financial fraud hits Tom Green County
The Tom Green County Sheriff's Office is working on a financial fraud case involving the county, Florida and an African country.
"It's a difficult case to solve because a lot of it is out of the country," said Sheriff David Jones. He added that his office has already worked with two school districts — Wall ISD and Grape Creek ISD — that had big thefts involving financial fraud.
"They are hitting everybody," said Jones, who added that his staff is working on the most recent investigation with federal agents.
Paying close attention to bank statements paid off for Tom Green County.
While reviewing bank statements in early April, County Treasurer Dianna Spieker discovered discrepancies that alerted her to financial fraud. Unauthorized transactions amounting to about $10,000 in checks and more than $30,000 in electronic fund transfers had occurred sometime in March.
The checks ranged from about $175 to $2,400, she said.
All the electronic transfer money has been recovered, "but the checks are harder to collect because they were cashed in Florida and they traced back to an African nation," Spieker said.
At the end of July, Spieker told the Commissioners' Court there was only a slim chance that about $7,200 paid in checks would be recovered.
The culprits took a copy of Treasurer's office checks, erased all of the payee information and wrote out checks to various people.
Dianna Spieker, treasurer for Tom Green County, warns local businesses and residents to watch out fraud and scams. (Photo: Courtesy Dianna Spieker)
While county officials' names were listed at the top, those were not the names that were signed at the bottom of the checks. "They took a modification of our names. So anybody that cashed those checks would have known … you could just look at them and tell they were fraudulent," Spieker said.
When the county issued stop payments on the ones they were able to collect back, Spieker got several calls from upset people in Florida. She had to explain that she never wrote them the checks.
Why did it take so long for the discrepancies to be noticed?
The treasurer has a few theories:
"Technology is great, but it also has loopholes," Spieker said, adding that financial institutions used to have actual people handling the checks as they came through.
"Well, now it's all computerized and there’s not really eyes on it," she said. "So the only time you see it is when you balance your bank statement ... and that’s when we discovered it. We notified everybody immediately."
Spieker also speculated that many of the checks were cashed "at the little check-cashing places, so I’m sure they were a part of it," she said. "But that’s just an assumption."
Is the county safe now?
Tom Green County finances are locked down and on high alert, so it's hard to cash anything right now, Spieker said, adding that she's implemented security measures countywide.
"We are not just focusing on the Treasurer's Office, but for all (county) offices that cut checks — such as the jail, the county clerk and district clerk," she said. "If it was easy to get to us, they could just jump to another bank account."
Security measures put into place in the county include:
1. A second layer of permission requirement for electronic transfers.
"When anybody tries to draft our account it sends me a notification," said Spieker, adding that the notifications come to her phone 24/7.
"Then I go through and look to see if it's an authorized person – such as the IRS that drafts our tax payments to them, or the state comptroller drafts the state report money," she said.
"Even though I have given them permission through my secured access, now I also have to give them permission through our bank," Spieker said. "So that stops the ACH fraud or the electronic funds transfer."
2. She also created a red flag system for checks. "On the check side, now we upload a file every time we cut checks to the bank," Spieker said. "It lists the check number, the payee, the amount. If those three things don’t jibe, then we get a report asking “is this good?”
3. When the county is asked that question, "If we don’t answer within a set time, then it's automatically kicked back," Spieker said. "If something were to happen that it was a legit check, we’re going to apologize...to the vendors that get caught up in this, but we will make it good. And we won’t have fraud."
Wall Independent School District was also hit in April.
While Superintendent Russell Dacy was out of the office for 10 days because of an injury, someone spoofed his email account and requested four wire transfers. While one attempt was intercepted, Wall ISD ended up transferring to a total of $45,472 to three bank accounts.
In this, Monday, Dec. 12, 2016, photo illustration, a woman types on her laptop, in Miami. Details from the Department of Justice indictment of Russian hackers on Wednesday, March 15, 2017, show that many people are still not taking routine precautions to safeguard their email accounts, and hackers are exploiting that. (Photo: Wilfredo Lee, AP)
"It looked like I had requested the transfer of funds each time," said Dacy, outrage tingeing his voice. The situation was caught when the superintendent returned to work and was catching up on things that happened during his absence. He immediately contacted the authorities.
Officials worked with investigators and recovered about $25,000.
Dacy said he learned an important lesson. "We get used to being trusting and set in our routines," he said. "But this was an important reminder that you have to be careful."
Since then he and his staff have implemented security measures regarding funding authorization, email and other matters. They also attended a training in June at the Region 15 Education Service Center for all area school districts regarding email hacking, malware and more.
"Technology allows these (people) to be faceless, nameless and hard to catch," Dacy said. "This is a problem for everyone."
Spieker, with the county, agreed. Even after the county had implemented the safeguards, there were several attempts on its accounts, she said.
"They’re tenacious. It took them a while to get the message that our accounts were locked off," she said, adding that the attempts have stopped.
However, Spieker cautioned Tom Green County businesses and residents to be careful and to keep an eye on their bank statements and accounts.
"If they are in Tom Green County hitting places, they’re going to keep jumping around until they get the message or until someone gets caught," she said. "Then they’ll move somewhere else."
Meanwhile, Spieker has faith in the TGC Sheriff's Office. "I have faith that if anyone can collect it, it’ll be our Sheriff’s Department," she said. "If we recover funds, that will be great."
The 2017 Association for Financial Professionals Payments Fraud and Control Survey — which had 547 responses — reported that payment fraud is growing.
It reported that 74 percent of survey respondents said their organizations were victims of business email compromise (BEC) in 2016. That is a 10 percent increase from its 2015 survey.
It also reported that 75 percent of organizations that were victims of fraud in 2016 experienced check fraud — an increase from 71 percent in 2015.
The survey also holds that 63 percent of payment fraud attempts were made by outside individuals.
The Federal Bureau of Investigations started tracking BEC in 2013 and has compiled statistics on more than 7,000 U.S. companies that have have lost more than $740 million in total. That's not counting victims outside the U.S. and unreported losses.
The FBI website offers some safety tips:
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- If possible, register all Internet domains that are slightly different than the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
Article From:- https://www.gosanangelo.com