El Paso city bungs $3.2m to email crooks pretending to be bosses After keeping quiet for days, the city of El Paso, Texas, has finally admitted that it has fallen prey to "CEO fraud" emails that saw scammers funnel $3.2m from the authorities using bogus invoices. The city is building a $97m streetcar project in its downtown district, but red flags were raised in October when a key …
The last time I dealt with government purchasing it was based upon with a list of known agencies and accounts, to become "known" required a lengthy process of form filling and validation before any money could change hands.
Clearly they were ripped off because they were at best slack and stupid and/or because they were complicit in the theft, either way they should be held accountable rather than just blaiming the "tinternet" for being unsafe and confusing. If they did not know what they were doing then why were they holding the purse strings
Any money paid by a government entity should always be part of a well-written and verified contract. Any proper contract would include the exact destination of funds along with the payment schedule. At the outset of the contract it should be known "On this day, provided the contracted tasks have been completed in a satisfactory manner, the sum of $300,000 USD is to be transferred from <routing/account number of city's coffers> to <routing/account number of contractor's coffers>". Any changes to the amounts, schedule, or the source/destination should go through the lawyers and the bean counters of both organizations.
Hell, this should apply just as well to all organizations. The CxO / Mayor / Council / Governor / Head of State should never have the authority to just authorize payment or any money transfer without explicit authorization for each transaction by the responsible legal and financial authority. These 'CEO Scams' would be dead in the water if organizations would just follow procedure. The problem, and sole reason the scam exist, is the massive ego of those in power and they want control over everything, especially the check book.
Dear Reg editors,
This is Iain Thomson really riting this mail. Due to totally legitimat resans including pregnancy and climate change I have changed my bank account, Please to dep0sit my payment for this article to my new bank account with the Bank of Nigeria, sort code FF-UU-KK, account number 5318008, thanking you very much
Singed,
Iain Thomsan
---- scaned by Nortonn Anti-Virus, 100% secure trustiness ----
"City Attorney Sylvia Firth later acknowledged that the city hadn't been instructed by the police to keep quiet about the fraud, but had simply been advised that it might be better to do so."
Was it the police who 'advised' them to do that or was it their PR department?
Sounds like the same MO as was perpetrated on both the Brisbane ($450K) and Townsville ($300K) City Councils in August.
http://www.brisbanetimes.com.au/queensland/townsville-also-targeted-by-scam-as-state-put-on-alert-20160819-gqw9x2.html
Interesting the little old Oz was ahead of its bigger TransPacific cousin.
Even though it will only carry pedestrians and isn't really needed to ease congestion, it will have gardens and so forth and will be a real treasure for residents. The £30 million that the government has already provided ran out some while ago so another payment of a few million is needed for more research to be done on this project.
Having an office for a year overlooking the Millennium bridge I can assure you it was extremely well used by pedestrians during that time. Including myself. Lovely view actually, when the need for procrastination becomes overwhelming, a few minutes gaze across the river to St Pauli is lovely.
I've seen one or two invoice scams in my spam folder. Obviously random. These successful scammers must be studying the companies they're impersonating - or hacking into their email accounts etc. Accounts Payable clerk gets invoice, verifies payee and amount, cuts a check, mails it to scammer's PO Box shown on invoice.
That form of fraud isn't new. What's new is the ease of hacking in and gathering information, and the ease of impersonating people who never talk to each other on the phone or in person.
The MD was on a scheduled visit to the USA and a very plausible email in their name made it through to the finance manager. They were about to pay it when something in the back of their mind led to call the MD and check.
We think that they had been researching the MD and used social media to work out when they were travelling.
One of my clients recently outsourced their accounting to India. So at one point I received an email in somewhat uncertain English asking me for my bank details because they needed to make a payment. Obviously, I trashed it without reading it. I realized what happened only months later when I noticed I wasn't getting paid any more.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
