Scammer identity not yet known
[ By Katherine Nettles ]
Gunnison County’s finance department and treasurer’s office fell victim to fraudulent emails last winter that resulted in an initial $1 million loss. While the financial loss has been fully covered by a combination of the bank’s efforts and the county’s cyber fraud insurance policy, the county has since put new policies in place to prevent these situations in the future.
Gunnison County treasurer Debbie Dunbar confirmed last week that the scam occurred in early December of 2021 but wasn’t uncovered until the following month.
“It was discovered in January when I was notified by the bank of a possible fraudulent bank account,” she said. At the time of the scam, former Gunnison County chief financial officer Juan Guerra fielded an e-mail requesting a new electronic payment method to the county’s insurance vendor, County Technical Services, Inc. (CTSI) That request proved later to be illegitimate, but in the meantime Guerra found the attached invoice credible and forwarded it to a senior accountant on staff to process the $341,793 payment. It was passed to yet another accountant on staff, who updated the new payment method in the county’s digital management system. Dunbar then received a payment voucher and handled the electronic funds transfer to the newly provided bank account.
After two attempts to complete the electronic funds transfer payment, Dunbar requested the funds be recalled by the bank and believed that they had been. She then wired the funds to a different bank account provided by the fraudulent party. This added up to three separate payments of $341,793 totaling $1,025,379.
It was then that the county’s bank, Bank of the West, notified her that the wire transfer had gone to a fraudulent account. The bank has since recovered the $341,793 in wired funds, and the county’s actual cybersecurity insurance policy covered the remaining loss of $683,586.
Meanwhile, the county finance team met in early February to go over the problem of fraudulent emails. “Utilizing the ‘5-Whys’ root-cause analysis tool we were able to understand why this situation happened, why we were vulnerable to fraud, why our internal controls did not stop this, and what we need to do to ensure this cannot happen again,” wrote Guerra in a memo to county manager Matthew Birnie. The team then put several new measures in place, including an internal control policy strictly for change of vendor information including separation of duties involved; an approval process to change vendor information and requirement that changes be confirmed via telephone and not email; and that three departments (finance, treasurer, and IT) must be in coordination with this internal control process.
“As for safeguards in my office, the finance office now has to approve any ACH/wires that I have requested be sent,” said Dunbar. That new policy took effect in January.
Birnie said he did not know if the fraud was attempted on any other counties, or if the fraudulent party was ever identified. “CTSI sent out a notice to all of their clients (counties) when this was reported to them,” he said.
The insurance premiums have not been increased as of yet, but Birnie said that remains to be seen at renewal.