712 Digital Group - top

State Auditor Alerts Schools and Government Entities of Increase in Check and Email Scams

News

September 12th, 2023 by Jim Field

State Auditor Rob Sand Tuesday alerted Iowa school districts and government entities to be on the lookout for check scams and fraudulent emails instructing them to redirect payments.

“This kind of fraud is on the rise and can happen to anyone. A year ago, I was personally targeted by email scammers trying to redirect my paycheck. Fortunately, the Iowa Department of Administrative Services contacted me to confirm the email was fake,” said Sand. “That’s why it’s so important to be vigilant and develop internal controls and procedures to detect and prevent fraud.”

Two unidentified Iowa school districts recently informed the Auditor’s Office that they were the target of scams involving fake checks and emails.

In the first instance, the perpetrators sent a fake email to the school district directing them to send payments to a new address. The scam, known as Business Email Compromise (BEC), resulted in the district being defrauded of approximately $100,000.

In the second instance, the perpetrators created fake checks that included the district’s account and routing numbers. They successfully cashed two checks at area banks totaling $10,400.

The Financial Crimes Enforcement Network (FinCEN) issued a nationwide alert in February warning of a surge in check fraud. It cited a 23 percent increase in check fraud complaints from financial institutions in 2021, compared to the previous year. The increase is linked to an uptick in the theft of checks sent through the mail.

The Federal Bureau of Investigation (FBI) has made mitigating the BEC threat a priority, noting in a 2022 report that losses from BEC crimes jumped from $360 million in 2016, to $2.4 billion in 2021.

The Auditor’s Office advises school districts and government entities to monitor financial accounts for irregularities, including unauthorized withdrawals or missing deposits. Requests to redirect payments should be independently verified by calling the vendor directly. Contact information contained in the suspect email or other correspondence should not be used to verify the payment method. Additionally, public entities should institute policies and procedures to prevent fraud.