Enfield officials reveal details of cybercrime
Published: 11-20-2024 5:30 PM |
ENFIELD — A town employee was tricked into providing the town’s bank account information in a fraud scheme that led to $742,000 in town funds intended to pay for a contractor instead being funneled into a fraudulent bank account.
Officials are describing the incident as a cybercrime that echoes a similar event in Norwich a few years ago.
Enfield’s Town Manager Ed Morris and Selectboard board members disclosed for the first time the extent of the stolen funds during Monday’s Selectboard meeting after first alerting the public that a town employee had fallen victim to a fraudulent scheme last week.
They also said that quick action by banking security personnel had “frozen” about $450,000 of the stolen funds, hopefully mitigating the extent of any final loss to town coffers.
“It was a pretty swift response,” Morris said at the Selectboard meeting. “In this world of cybersecurity attacks, the fact that Bank of America was able to secure those funds so quickly and stop some of it, is a testament to how closely they’re watching things.”
Enfield announced last week that it had placed a town employee on leave after it had discovered on Nov. 4 that a “substantial amount” of funds were taken from one of the town’s bank accounts in a “cybersecurity incident” that occurred when the employee “did not follow established office procedures” in responding to a request to update bank account information to pay a vendor.
That lapse led to an estimated $742,000, which was held in a Enfield town account at Mascoma Bank, to be unlawfully transferred into a fraudulent account set up at Bank of America, according to town officials. The fraud scheme is under investigation by the U.S. Secret Service, which is the primary federal agency charged with investigating cyber financial crimes.
The money that was stolen came out of the town’s public safety building project fund, which was set up to hold money to build the town’s $7.2 million new public safety building, which is currently under construction on Route 4.
Article continues after...
Yesterday's Most Read Articles
Morris, in an interview with the Valley News on Wednesday, said the $742,000 that was transferred to fraudulent account was an intended payment for the company constructing the facility.
Morris said he does not expect the stolen money to have an impact on the project “at this time,” although he held out the possibility that could change depending on the final accounting of the loss.
“Everything will be moving forward as normal,” he said on Wednesday, adding “they are building today.”
But “if we find out the final amount (and) then don’t know how we can do things, we may need to go back to the Selectboard to have some discussions,” he said.
Funds for the town’s operating budget are held in a separate account and the money stolen out of the public safety building fund “doesn’t affect the 2024 budget immediately, so it gives us some time to work through the issues,” Morris said.
By responding to the email for bank account information, the employee handed over the key for access to bad actors.
“Basically a staff member was tricked into changing a bank account number for one of our vendors and then the next payment to that vendor was directed to the fraudulent bank account,” Erik Russell, chair of Enfield’s Selectboard, said at the meeting.
The town has not identified the employee involved, but Morris said the employee and town had come to a “mutual agreement” and were “parting ways.”
Last week, Enfield posted a job opening for a “accounting/payroll clerk” position that pays from $28 to $32 per hour.
A similar cyber incident occurred in Norwich in 2019 when the town’s former finance director was duped in an email scam that resulted in $250,000 being stolen out of the town’s general fund. Norwich eventually was able to recover $80,000 from the recipient bank and $169,000 from the insurance carrier.
Enfield officials at the Selectboard meeting said that they were investigating how much of the stolen money they might be able to recoup under the town’s insurance policy. But they were not holding out expectations it would cover anywhere near the difference between the amount that has been frozen and is expected to be returned, and the amount that is still unaccounted for.
Asked by a resident how much money might be covered through insurance, Morris replied that “it looks right now” that the amount could be up to about $75,000, cautioning that town officials are being conservative in any estimates in order to take into account “the worst case scenario.”
Enfield, like other municipalities in the state, is ensured by New Hampshire Public Risk Management Exchange (Primex).
“We do have some cybersecurity insurance. Pending the outcome of the investigation and what they find we may be able to get a little bit of recuperation from them to help minimize the impact as much as possible,” Morris said.
Selectboard members and Morris said they will be reviewing the town’s fraud insurance policy to make sure it is adequate to encompass potential future cyber crimes.
In a news release on Tuesday, Enfield said the town is working with a “third-party cybersecurity team” and the U.S. Secret Service to identify how the information used in the cyberattack was obtained and to explore ways to reclaim additional funds.
Asked if authorities are weighing any criminal charges against the former employee who responded to the request for the town’s bank information, Morris demurred in replying. “At this time everything is still under investigation,” he said.
Enfield said that Mascoma is working “in a collaborative effort” with Bank of America “to recover and return the frozen funds to the town as quickly as possible.”
He cautioned that the information about $450,000 in stolen funds had been frozen by Bank of America is “what we’ve heard. We haven’t confirmed that.”
Enfield, in a news release, said the town “remains focused on improving employee awareness and strengthening our cybersecurity measures to prevent similar incidents in the future.”
Russell, the Selectboard chair, said the board “will be taking on a full review of all our financial policies and whatnot” to make sure they follow secure protocols in managing the town’s funds.
But in the wake of the security breach the town already has made one change, he said.
“We have pulled back on the ability to do electronic transfers to the limit of what is currently our cybersecurity (insurance) and everything else will have to be paid by check,” Russell explained.
He said that will continue to be the policy “until we wrap our heads around everything.”
Contact John Lippman at jlippman@vnews.com.