The good news is that St. Johns County recovered about $600,000 of taxpayer money that scammers stole recently. But there’s still another half-million dollars to be recovered.
Meanwhile, local and federal investigators are trying to determine what happened and find ways to prevent another attack.
County documents show that the issue began in July, when staff thought they were working with a construction company in Loxahatchee. But the contact’s email was unusual — @dbehdd.co — and not a proper “.com” as a real company would have. It appears the hacker was using a fake email address to assume a real company’s online identity.
The false company emailed the county, saying that “we are not accepting check payments due to unclear/bounced checks from some of our clients.” The fake contact also said they wanted to streamline their financial processing, so she requested the digital transfer of money, and the county sent a payment of more than $551,000.
Documents provided by St. Johns County show a second payment of more than $612,000 was sent to the bogus company in September. Then the real company, with a proper “.com” email address, alerted the county that it had received no money on the contract. A county utility manager learned of the fraud, as seen in an email Sept. 27.
The St. Johns County Sheriff’s Office and Secret Service are jointly investigating. But “due to this being an open and active investigation, we have nothing readily releasable at this time,” the Sheriff’s Office said.
The county worked with a bank to get the $612,000 payment reversed in early October. Then Clerk of Court Brandon Patty updated the county commission this week, saying scammers do this “day in and day out and we need to be one step ahead.”
The technique is known as business email compromise, when criminals gain a foothold in an email account. They wait until payment is requested on a project or contract, then “insert themselves into the conversation in an attempt to change bank information and defeat internal controls,” Patty told the commission.
“We are cautiously optimistic that we will recover the other part as well as invoking the insurance — there is insurance for these types of events, unfortunately,” Patty said. “In addition, we have been reviewing internal processes and we have a policy in place in order to have secondary controls in order to be able to protect these dollars. We continue to review that.”
Patty said the county will now seek a third party to review payment requests and continue finding a way to get the rest of the scammed money refunded, since “protecting taxpayer dollars is my highest priority.”