Scammers Posing As Vendor Steal $660K From Marshfield School District

Marshfield Case Follows Similar Scam Targeting Milwaukee Parochial School

School lockers
wired_gr (CC BY-NC-ND 2.0)

Scammers posing as a trusted vendor stole $660,000 from the Marshfield School District last month in an attack broadly known as a business email compromise or BEC.

On May 22, the district paid the money to what it thought was a vendor contracting with Marshfield schools. The purported vendor had contacted the district’s business office in April saying it had changed bank accounts and needed a bank routing form from the staff.

“The fraudulent individuals did a very elaborate job of creating and presenting an email that looked very authentic,” said Marshfield School District Superintendent Ryan Christianson.

Stay informed on the latest news

Sign up for WPR’s email newsletter.

This field is for validation purposes and should be left unchanged.

But on May 30, the district office got a call from the actual vendor they’d done business with in the past saying the company hadn’t received payment. Christianson said by then the money was already gone.

“This in general serves as an unfortunate reminder of how vulnerable we all are to these types of scams,” said Christianson. “I think we’re all being bombarded by them. It really has been a very difficult situation to work and live through here the last couple weeks.”

But Christianson said the district was lucky when a suspicious transaction was flagged in Florida.

“The main attempt at exchange of that initial $660,000 was caught by a credit union and halted as a suspicious transaction,” said Christianson. “That’s what led to us, very fortunately, being able to recover nearly a half a million dollars of that $660,000.”

The district has filed an insurance claim in hopes of covering the remaining $160,000. Christianson said they haven’t heard back from their insurance provider.

He said it was a sickening experience for the district but he’s hopeful that others can learn from their mistake.

“I would say the big thing is clearly a good old fashioned phone call needs to follow up with these things to make sure that it is authentic,” said Christianson. “That alone in this situation could have prevented the scam from happening.”

The scam in Marshfield is not uncommon. In February, St. John XXIII Catholic Parish in Port Washington had $510,000 stolen in a nearly identical attack.

Lea Dearing is an attorney and shareholder at Atlanta lawfirm Berman, Fink, Van Horn P.C. She researches BEC schemes and advises businesses who have been hit by similar attacks. She said the scam has been around for years and first targeted lawyers involved in real estate transactions.

“As lawyers became more vigilant and as it became more difficult to trick the closing agents, you saw the attackers kind of pick new victims and expand to new areas,” Dearing said.

Dearing said this is a very common scam perpetrated by an underground industry.

“This is something that is coming from abroad that is prolific,” said Dearing. “There are thousands, if not tens of thousands, of people that are dedicated, maybe more, to launching these attacks across the U.S. and across the world. This is not a handful of criminals.”

According to an annual report written by the FBI’s Internet Crime Complaint Center, there were 351,936 complaints about BEC attacks leading to extortion, tech support fraud and payroll diversion in 2018 with “losses exceeding $2.7 billion.”

Dearing suggests schools, local governments and businesses purchase cyber crime insurance and create redundancies with multiple eyes watching over financial transactions.

“It needs to go through three different loops,” said Dearing. “One, is a live phone call with the vendor. Two, is a receipt of a written request to change instructions with an inked pen signature. Then it needs to be, at the payer’s place, at least two people to approve that.”

Dearing said scammers prey on individuals who make innocent mistakes when they move too quickly with online financial transactions.