Monday, May 20, 2024

City of Tenino loses $280,309 to phishing email scam, state Auditor’s Office says

The city of Tenino fell victim to a fraudulent scheme that cost it $280,309 in public funds, according to the Washington State Auditor’s Office.

Former Clerk-Treasurer John Millard initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts from March 19 to May 4, 2020, per a report. A series of phishing emails prompted the payments, many of which he did not get city council approval for.

The email was sent to multiple public employees in Washington state who were members of the Washington Municipal Clerks Association. The same day it was sent, the association notified members that it was illegitimate.

“While other recipients either deleted or ignored the email, contacted the association to confirm it was a phishing attempt or contacted their IT departments, Tenino’s Clerk-Treasurer did not,” the report says. Millard, who served in the U.S. military until 2016, had previously received training in cybercrimes, according to the report.

On May 5, 2020, the report says a Texas-based bank told Millard someone who came in to withdraw funds from an account that received an ACH payment and then tried to close the account.

Millard told the bank to contact the professional association, per the report, but the president of the association said she did not know about any such payments.

That same day, he informed the Tenino mayor, the state’s Auditor’s Office and Tenino police about the loss of funds, saying he had been deceived by a scam.

Millard resigned in December 2020 and moved out of state, per the report. Washington State Patrol investigated the scam but could not determine whether Millard personally benefited from the scheme.

Recommended:  Assange Wins First Stage in Effort to Appeal US Extradition

The case has since been turned over to the Federal Bureau of Investigation.

In all, Millard issued $336,968 in inappropriate ACH payments, per the report, but $56,659 in payments were returned to the city.


Got o Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

You may also enjoy reading, The definitions of “recently” and “discovered” leave a lot to be desired

Stay informed with the latest Cybersecurity trends, threats and analysis. Sign up to the realinfosec weekly cybersecurity newsletter today.

ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates