Grand Jury: Fresno could have avoided $600k phishing scam

Fresno taxpayers lost more than $650,000 to a phishing scam. A forthcoming Grand Jury report alleges that the loss was entirely avoidable.

An upcoming report from the Fresno County Grand Jury found that the City of Fresno would not have been scammed out of more than $600,000 a few years ago had the Finance Department correctly followed its own policies. 

The report, which was obtained by The Sun, is scheduled to be released to the public on Thursday. 

The backstory: Fresno was the victim of a $613,737 wire fraud scam in 2020 over a deal the city had with a contractor for the construction of the Southeast Fresno police district station. 

  • In January 2020, the city sent $324,473 to the scammers and another $289,254 in March. 
  • Lassen Corporation, the Bakersfield-based contractor, had threatened to walk off the job because of failure to receive payment, tipping the city off that it sent the money to a scammer. 
  • The Fresno Police Department started investigating in April 2020, and the FBI took over the case in November of that year. 

The big picture: The Grand Jury’s third report of the year, titled “Gone Phishing: How the City of Fresno Fell Victim to a $613,737 Scam,” investigated the internal practices of the city’s Finance Department. 

  • According to the report, Lassen Corporation began construction on the police station in April 2019 and requested that the installment payments be made by physical checks. 
  • But on Jan. 6, 2020, the Finance Department received an email from the scammer who identified as an “accounting specialist” for the construction company and requested to be paid via an Automated Clearing House (ACH) fund transfer – something city staff told the grand jury is not common. 
  • The Finance Department then emailed an ACH form to the scammer, who promptly completed it and returned the form by email. 
  • “The fraudulent emails appeared to come from the legitimate contractor, but they did not,” the Grand Jury report reads. 

Zoom in: The Grand Jury investigation revealed that the domain extension of the fraudulent email addresses ended in “.us,” but Lassen Corporation’s email address ended in “.com.” 

  • The city failed to detect the fraud even though an early response by the city to one of the fraudulent email addresses was returned as undeliverable. 
  • According to the report, scammers also gave multiple bank account numbers located in different states, which the city failed to detect as a scam. 

Go deeper: The scammers never submitted fraudulent invoices to the city. Instead, they simply emailed the Finance Department to request the change to payment via ACH. 

  • “Based on a review of documents and interviews, it appears they simply scoured the internet for large construction contracts being awarded by local governments,” the report reads. “Using real data gleaned from the City Council agendas and minutes, they were able to identify this particular contract, used what information was publicly available, and initiated a successful phishing scheme on unsuspecting city employees.” 

The city’s policies: Fresno’s Finance Department had existing policies in place that required employees to first authenticate that the ACH form submitted by the vendor is actually from the vendor of record. 

  • The policies also require that a zero-dollar pre-notification is sent by the department to the recipient bank to verify that the bank information matches the information put into the city’s financial system. 
  • A different city staff member is required to review all large disbursements to verify payment details at the end of the business day. 
  • The Grand Jury found that the policies failed “for the most basic of reasons: the authentication of the ACH form did not happen, and the end of the day large disbursements confirmation procedure was not performed.” 
  • Further, the Grand Jury report states that it appears not all Finance Department employees were properly trained. 
  • “According to witness interviews, the incident resulted in serious reflection and introspection within the Finance Department,” the report reads. “Awareness of the potential for future fraud has been significantly heightened.” 
  • Now the city appears to be following policy and exhibiting sound business practices, the Grand Jury found. 

What we’re watching: The Grand Jury submitted 11 recommendations to the Fresno City Council to deal with the issue, including that the council should ensure that any changes to an existing vendor payment method are approved by the Director of Finance. 

  • The Grand Jury also recommends that only the Director of Finance be authorized to bypass the zero-dollar prenotification process via banking institutions.