The Ketchikan Gateway Borough is working to recover a $625,125 electronic payment that was sent to a fake vendor account on May 3, according to Borough Manager Ruben Duran.
The case is under investigation by the FBI, and a claim has been filed with the borough’s insurer, Duran said. The borough has made arrangements to pay the real vendor with a check via certified mail.
Duran provided an update to the borough assembly on May 6, followed by an interview with the Ketchikan Daily News on May 8.
The borough had intended to pay the contractor on the Dudley Field turf project on May 3 when it initiated an electronic funds transfer to the business. But that afternoon, Wells Fargo notified the borough that the bank had been made aware of a suspicious bank account that had received multiple transfer payments “under different vendor names,” Duran told the assembly.
“Wells Fargo identified that the borough had transferred those funds into this account.”
On May 6, the borough contacted the actual business that did the work at the field and verified that it had not received the borough payment.
Duran said Wells Fargo reported the contractor had been the victim of a cyberattack in which a “bad actor” had accessed email accounts and forwarded emails with amended payment instructions, routing numbers and bank accounts to divert payments.
A system assessment by the borough’s Information Technology Department found “no evidence of a breach in the borough system.”
The borough’s finance director filed a fraud case with the FBI and a report with Alaska State Troopers, in addition to notifying the carrier of the cyber insurance that the borough has in case of this type of incident.
“At this time, it’s a criminal investigation, so I’m being careful about what is released out while they do that investigation,” Duran said May 6. “We do not know if the money can be reversed. Wells Fargo is dealing with this, as well as our insurance. They’re hunting that down. But we’re not the only victim in this scheme. Apparently other communities, other organizations were hit.”
Duran said borough staff have reviewed the borough’s internal controls and have initiated extra training. “We’re going to be looking at some rewriting of our own controls to address this,” he said. “We thought they were pretty tight. And clearly, they found a way through.”
He said the documents appeared to be legitimate. “It’s very sophisticated.”
Duran said the borough obtained cyber insurance after some other Alaska cities were attacked in recent years.
In 2020, the City of Ketchikan’s Port and Harbors Department lost $19,500 in an email phishing scam. In that case, the fake emails used phrases, phone numbers, names, titles and logos from emails that had previously been exchanged between the department and an infrastructure firm.
In 2018, the Matanuska-Susitna Borough declared a disaster after a malware attack locked down its computer systems, affecting a wide array of borough functions and services.
“We all train for this, we all think we have all of the procedures in place. And then the bad actors that do this are always finding a way through it,” Duran said.
Reader Comments(0)