Fort Lauderdale duped in $1.2 million phishing scam, police say. Here’s what happened
South Florida is known as the fraud epicenter of the United States. And Fort Lauderdale certainly realized that last week when the city got fleeced out of $1.2 million in taxpayer money after it fell into the hands of brazen scammers.
The city made the seven-figure payment on Sept. 14 after believing it had received a legitimate bill from Moss Construction, Detective Ali Adamson, a spokesperson for Fort Lauderdale police, said in a Thursday news release. The city later learned the request for payment was fraudulent, Adamson added.
“This is an active investigation, and we will be working with all appropriate law enforcement agencies to determine exactly what occurred,” she said.
This type of online fraud, called a phishing scam, targets consumers by sending them an email that appears to be from a well-known source, sometimes requesting a payment, according to the Federal Trade Commission. The recipient, believing the electronic communication is legitimate, transfers the funds to the scammers or provides personal identifying information. Then the fraudsters can use the information to open new accounts, or invade the consumer’s existing accounts.
The commission says that one of the first things entities should do after realizing they have transferred funds to scammers is to ask their bank to reverse the transaction and return the money. Consumers are also recommended to file a police report.
Fort Lauderdale police declined to answer Miami Herald’s questions, citing an ongoing investigation. As of Thursday afternoon, Moss Construction hadn’t responded to the Herald’s emailed request for comment.
Fort Lauderdale City Manager Greg Chavarria told staff in a Wednesday email that the city’s bank is working to get the money back, but that it could take at least a week, according to a copy of the email obtained by the Miami Herald. The South Florida Sun Sentinel was first to report about the scam.
“Someone sent a request for an ACH payment (Automated Clearing House electronic funds transfer) pretending to be Moss Construction,” Chavarria said in the email. “The scammer filled out the paperwork and had a blank check attached. Accounts Payable checked the names and they matched corporate records.”
The money was intended to go toward a new Fort Lauderdale police headquarters building, located at 1300 W Broward Blvd, according to city records. In 2019, residents approved funding for the construction, which was capped at a little under $119 million.
Phishing scams have become all too common, with fraudsters targeting city governments across the country. Over the years, several municipalities in Florida have paid out millions in ransoms.
In 2019, Riviera Beach and Lake City were respectively scammed out of $600,000 and $460,000. Naples paid fraudsters $700,000. Key Biscayne also reported a data security “event.” Scammers also tried to infiltrate local election departments.
Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election. Election supervisors in Hillsborough, Pasco, Citrus, Clay and Volusia counties received the emails, which contained attachments that could have taken over their computers.
How do phishing scams work?
There are several ways fraudsters can run a phishing scheme, said Reginald Andre, the CEO of ARK Solvers, a South Florida-based IT and cybersecurity company. Scammers may send links in suspicious emails that, when clicked on, allow them to access company information, read emails and see transactions, which helps them trick clients and vendors.
They may pose as someone else using a bogus — but similar — email address, Andre said. They might even access a computer network, install a virus, ask for a ransom, usually in cryptocurrency like Bitcoin, and threaten to delete all files if not paid.
“At the end of the day, what the hackers want is your money,” Andre said. “They want money and they want information.”
In the Fort Lauderdale case, the scammer likely posed as the construction company and created a new email address to contact the Accounts Payable person, Andre said. It’s possible that the construction company was hacked or that the fraudster used public records to gather the necessary information to scam the city, he added.
For Andre, companies should have systems in place when encountering suspicious emails. Avoiding fraud could be as simple as picking up the phone — and hiring tech professionals.
“The biggest thing is making sure that your company has a culture of cybersecurity because times have changed and cyber threats are way up.”