The City of Ocala will recover more than $700,000 and incur a loss of just $5,000 after an email phishing scam earlier this year resulted in funds being misdirected to a fraudulent account.
The recovered funds, which total $717,677.14, represent nearly 97% of the original amount that was misdirected as a result of a Business Email Compromise that took place in Oct. 2019. The payment, which was just under three-quarters of a million dollars ($742,376.73), was diverted from Ausley Construction Co. to a separate, fraudulent account posing as the business.
Since discovering the incident, the City has worked with local and federal agencies, filed insurance claims and made procedural changes within their departments to minimize future impacts.
The difference in funds remains at $24,699.59. After the City pays a $5,000 deductible, its insurance coverage will pay the remaining $19,699.59, which means the city will only incur a net loss of $5,000 from the incident.
The City has implemented the following processes and procedures to minimize future risk and exposure:
- Electronic Fund Transfers (EFT) emailed to the City without verification will not be processed;
- All vendor information changes will be processed through a department other than the one in which the request was received, and senior level management will have final review before changes are made;
- An electronic workflow process has been created to review changes made to vendor EFT payment elections and a manual verification process will occur before changes are finalized;
- Vendors with pending changes will be suspended until an authentication process has occurred at the department level;
- Periodic internal audits will be conducted on any recurring input changes to serve as a third-level security measure.
A criminal investigation related to this business email compromise is still ongoing.
For more information about the city and its departments, visit the City of Ocala website.