MANSFIELD — Mansfield’s finance director, Kelly Converse, is sharing with us the harrowing tale of how the city was almost spoofed out of nearly three-quarters of a million dollars.
“We lost sleep, the stress level was incredibly high, and it was like, 'How did we miss it?'” said Converse.
It started with an email pretending to be from the CFO of a trusted vendor.
“The treasury manager and the assistant finance director both received the same email. It eventually wound up from both places to the AP specialist, and she is the one in charge of updating vendor records, and she oversees the accounts payable process,” said Converse.
The email asked to update some banking information, and it appeared to come from a construction company the city regularly does business with. The request bypassed Converse, going straight to an accounts payable specialist who thought it was legit and then paid an invoice for $748,000 that they thought was going towards a major improvement project for Mansfield’s water treatment plant.
“She was recently promoted to that position and had only been doing that for three months, so she was new to that role and hadn't done any of those functions before. So, when she received this email from both people to whom she answers, she was like, 'I better address this email.' However, she didn't stop to look at it and go, 'Is this reasonable? Are there any red flags in this email?'” said Converse.
Converse stated that when she first looked at the email, she immediately picked up on multiple red flags.
“The vendor email address that they were using ended in dot org, and I worked in nonprofit for years and so I am familiar with dot orgs being typically a non-profit corporation. So, I questioned that. Immediately, I questioned the fact that it was the CFO of this large company that was writing to us, asking for this very basic information. And then there was verbiage in the email that said 'we'd like to inquire about your company,'” said Converse. “So, they referred to us as a company, as though it was some kind of generic request but we're not a company, we're a government.”
A week after the payment was made, the receiving bank raised a flag, calling the transaction suspicious and alerting the city.
“Between the conversation with the banks, they did whatever it was they needed to do to put a hold on the account so that nothing else could be taken from it. And then we had to call BCI, we had to file an IC3 and file a report with the State Auditor's Office,” said Converse.
But things soon turned around. As of today, the bank was able to recover $536,000 of that money, and the remainder will come from insurance.
“It's extremely rare to recover that much, it’s rare to recover any of it. Because typically the bad actors who do these kinds of criminal activity move the money out of the country before you're even able to trace it,” said Converse.
According to the Better Business Bureau, scammers target businesses that share their vendor database online.
“That’s exactly why whether you're a consumer or a business we advise that you not put too much personal information out there, because the more you put out there, the more the scammer knows,” said Vice President of Cleveland Better Business Bureau, Erika Dilworth.
Which is something Converse wants changed.
“Something that I find very concerning is that we get a lot of companies who regularly make public record requests of our vendor database. And I think there is too much information that is available that could be used nefariously. So, if our lawmakers would do something to tighten up the information that we could share and should share, I think that will help,” said Converse.
Moving forward, Converse says her office will use independent verification for vendor emails and treat every email regarding payment as suspicious.
“You can't trust anyone, and you can't trust the information that is coming across your desk. You must verify first and trust later, and we didn't do that. We missed that step and it was a very costly mistake, but we are going to make sure it doesn’t happen again,” said Converse.