[BreachExchange] Mayor, Council Release Emails Detailing Theft of $3.2m via Phishing Scam

Inga Goddijn inga at riskbasedsecurity.com
Wed Nov 30 17:54:34 EST 2016 

http://elpasoheraldpost.com/mayor-council-release-emails-detailing-phishing-scam/

Tuesday night, the City of El Paso released a limited number of emails
about the events related to the theft of approximately $3.2 million via an
email phishing scam.
<http://elpasoheraldpost.com/city-investigates-issues-related-vendor-payment-process/>

City officials said the release was “at the request of Mayor and Council to
enlighten the community (and) to assure the public that the City’s
financial management system was not compromised.”  They add that the entire
matter is “the subject of an ongoing criminal investigation and efforts to
recover the misdirected funds are underway.”

The names and contact information of the potential witnesses, victims and
suspects have been redacted to protect their identities during the ongoing
criminal investigation.

The investigation of the misdirection of funds and steps to recover the
funds are continuing.

According to city officials, the first misdirected payment occurred on
September 28, 2016, and involved approximately $2.9 million in state funds
for a project managed by the Camino Real Regional Mobility Authority
(CRRMA). The second misdirected payment took place on October 4, 2016, and
involved approximately $312,000 earmarked for city projects.

To date, approximately $1.9 million of the funds have been recovered – a
sum of $1.6 million of the approximate $2.9 million and a sum of $293,000
of the approximate $312,000.

The CRRMA is an independent governmental entity that was formed by the City
of El Paso in March 2007 and is regulated by the Texas Transportation
Commission. The City was granted authority to create the CRRMA and its
board by the Texas Transportation Commission to study, evaluate, design,
finance, acquire, construct, maintain, repair, and operate transportation
projects.

The CRRMA has a seven-member board – six members are nominated by the Mayor
and appointed by Council and its presiding chair is appointed by the
governor.

The City of El Paso provides the CRRMA organization with support services
for its daily business operations, such as accounting, auditing,
procurement and accounts payable, however the ultimate authority for
approval of payments rest with the CRRMA executive director.

*Timeline*

   - *August 22, 2016* – The Imposter Granite Construction Company
   exchanges a series of emails with CRRMA. During these emails, the
   fictitious checking account information is submitted and changed from the
   legitimate Paso Del Norte Trackworks Checking Account information. The
   differences in vendor name are caught by a Purchasing Department employee
   who brings it to the attention of CRRMA. CRRMA instructs the Purchasing
   employee that the vendor is just changing their checking account and to
   process the change.


   - *September 19, 2016* – The Imposter Granite Construction Company
   contacts CRRMA, the Comptroller’s Office, and the Purchasing Department to
   inquire about when the next payment will be processed. An accountant in the
   Comptroller’s Office questions the payment inquiry and forwards the inquiry
   to CRRMA. CRRMA responds to the Accountant and tells him he (CRRMA) has
   instructed Granite to contact him regarding all payment inquiries.


   - *September 29, 2016* – The real Granite Construction Company contacts
   CRRMA to inform him that they have not been paid. CRRMA does not contact
   the Comptroller’s Office.


   - *October 12, 2016* – The Comptroller’s Office contacts the real
   Granite Construction Office and asks if they received the $2.9 million
   payments. When the Comptroller is informed by the real Granite Construction
   that they did not receive the payment, the Comptroller submits a request to
   Wells Fargo to recover the payment.

To view the emails click either of the file links below:

Attachment – Limited Redacted Emails Related to Misdirection of Funds
<http://elpasoheraldpost.com/wp-content/uploads/2016/11/Attachment-Limited-Redacted-Emails-Related-to-Misdirection-of-Funds.pdf>

Attachment – Additional Emails Related to Misdirection of Funds
<http://elpasoheraldpost.com/wp-content/uploads/2016/11/Attachment-Additional-Emails-Related-to-Misdirection-of-Funds.pdf>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161130/c1f59809/attachment.html>

More information about the BreachExchange mailing list