Nassau County, New York, suffered a phishing attack that involved paying a $710,000 invoice to fraudsters. However, investigators were able to recover the funds for the Long Island-based county. Details surfaced in Newsday, a Long Island-based newspaper.
According to the report:
- Scammers pretended to be a known county vendor.
- The supposed vendor said they were due payment to a new account. The scammers filled out all the necessary paperwork designed to prevent theft and offered a fraudulent check as evidence of the new account.
- The county's comptroller office paid a $710,000 invoice to the fraudsters in October 2019.
- The comptroller officials contacted police on October 25 when they discovered the invoice fraudsters were not the legitimate, known vendor.
- The money was redirected to an elderly woman’s account in Seattle and then redirected to several different accounts, which were identified and frozen by investigators to seize the funds.
- The recovery of the taxpayer funds was a joint effort involving financial crimes police, Nassau County district attorney investigators, the comptroller's office and the county treasurer.
- No arrests have been made. Police identified three other municipalities, which were not named, that also were targeted.
- The phishing scheme targeted as many entities as possible around the country hoping for someone to fall prey to the plot.
The report did not mention whether the county leveraged digital forensics consultants or MSSPs (managed security services providers) to investigate the crime and recover the funds.
