Manatee County falls victim to cybercrime that could cost taxpayers $1.4 million
BRADENTON, Fla. - Cyber criminals pulled a fast one on Manatee County, and it could cost taxpayers $1.4 million. All it took was an email and a fake invoice.
Neal Land and Neighborhoods works with Manatee County through a public-private partnership to build roads and other amenities.
Their last payment from the county never arrived.
"We reached out for our normal payment or for our payment that had been processed, and they said essentially somebody else received it," said John Neal, the president of Neal Land and Neighborhoods.
The County Clerk and Comptroller’s office said money in the amount of just under $1.4 million had been wired to a different account, out of state.
"I know it’s a new part of the world, a new part of the electronic world which we operate. We are going to pay close attention to our procedures, and I know Manatee County and other businesses need to do the same," said Neal.
Angel Colonneso, the Clerk and Comptroller for Manatee County, said in a statement:
"Late last week, we learned our county was the victim of a highly sophisticated fraud. It involved multiple entities at various stages of the payment process. As Comptroller, funds were delivered based on fraudulent information and documents for an authorized invoice. We are working with law enforcement, the county, and my cybersecurity consultant. We cannot provide specific details now, but we will when we are lawfully able, as this is an active criminal investigation."
MORE: Apple unveils high-yield savings account for Apple Card holders
The scheme likely started with an email, and experts said this type of cyber crime accounts for more than $3 billion in losses globally.
"This isn’t as sophisticated as this may appear," said Chris Freedman, the founder and CEO of OnDefend, which is a global cybersecurity corporation. "This appears to be a business email compromise attack, whereby a trusted vendor is being impersonated by a cyber criminal that is sending in a fictitious invoice or fraudulent invoice from a fraudulent email."
He said these attacks are attempted frequently, showing the need for an investment in cybersecurity and compliance standards.
"One thing about this attack was this information was publicly available. The RFP, the bid, the amount was available online at the Manatee County public works website, so that could have been used to help this attack happen," he said.
As investigators work on locating where the funds ended up, it’s unclear if any of the money will be recovered.