Last Updated: 9:28 p.m.
The Flagler County school district was the target of electronic fraud involving what Flagler County Sheriff Rick Staly described as a “pretty significant amount of money,” in a scheme having all the makings of phishing–a common method by fraudsters of impersonating familiar contacts either to induce a swindle or to make the recipient reveal sensitive financial information.
The Flagler County school district late today issued a cryptic press release that stated the district had uncovered “an electronic transfer of funds to a possible fraudulent vendor bank account,” triggering an internal investigation and contact with the FBI and the Flagler County Sheriff’s Office. The release was issued at 7:20 p.m. Superintendent LaShakia Moore informed school board members individually of the matter in early evening, by email and by individual phone calls.
FlaglerLive has learned, but has not confirmed, that the sum involved is around $700,000, and that the money was intended as payment to a contractor or a vendor involved in the ongoing expansion at Matanzas High School, a $22.6 million project on which it broke ground in late July. It did not reach its intended recipient, and the scheme may not have been uncovered promptly enough to enable recovery.
It isn’t clear if, like many corporations now do, the district has insurance to protect against such schemes, or how it will make up the money if it is not recovered. The school board will have to be apprised and discuss the next steps–in open, public sessions: this is not the sort of matter it can legally discuss behind closed doors.
“The message is that we’re looking at our processes, we’re taking a close look at our processes,” Wheeler said, which again hints at what may have gone wrong: Phishing is a preying method that exploits vulnerabilities, a lack of awareness or detection of what subsequently turns out to be obvious fraud.
No one inside the district has been suspended or placed on administrative leave, Wheeler said.
“I don’t know when the school district determined when they were a victim, so timeliness of taking a report and timeliness of taking action is critical in these kinds of investigations,” Staly said. He would not confirm the sum of money or the nature of the payments, saying the investigation is in its earliest stages.
“What I can confirm is late this afternoon, virtually at the end of the workday,” Staly said, “school district reported an allegation of wire fraud to the Sheriff’s Office, and involving a pretty significant amount of money. I cannot confirm that another agency is involved because I don’t know who else the school may have reported it to. We know they have reported it to us.”
The district may have lost some time reporting it to the Sheriff’s Office: the fraud was discovered this morning, a district spokesperson said, so several hours passed before the Sheriff’s Office was informed–a critical lapse in the sort of cases that are compared to missing-children cases: the earliest hours matter the most.
The sheriff recalled a case of phishing when he was vice president of the Ginn Corporation, in charge of its security companywide, in and out of Florida. “They were the victims of a phishing virus, but the CFO did not realize they were a victim so it was not reported” to Staly for days. By the time it was, he determined what had happened, “but I was unable to recover the money because it had been wired to Latvia. Then a week or so later they had another hit. This time the CFO realized what was going on, in a more timely fashion, and notified me, and I was able to get half the money back before it went to its destination. I’m not saying that’s the case here, because it’s a very preliminary investigation. all I can tell you is this is how these frauds work, and timeliness in reporting the case is critical in recovery.”
Staly said the Sheriff’s Office only has jurisdiction in Flagler County, “and most of these criminal enterprises are based in other countries.” He also noted: “Unless it reaches millions and millions of dollars, the federal agencies have so many reports, they don’t go the full mile of the investigation. But it could be different in this case, this could be tied to a bigger overall case. I don’t know at this point. We will work it, and work with our federal partners if appropriate.”
Staly stressed that he was speaking in hypotheticals, and providing examples dating back more than a decade. Hypothetically, the present case could be phishing, “that could be it, hypothetically it could be a virus that infected a computer, so there’s many different ways these kinds of frauds are perpetrated,” the sheriff said.
The school board was scheduled to hold a 1 p.m. closed-door session to discuss litigation. The session, which was to have been led by School Board attorney Kristy Gavin, was cancelled, as Gavin and Moore had both been called away to deal with the fraud case.
The board did meet for its regularly scheduled workshop at 3 p.m. Gavin was conspicuously absent, though Moore attended the full three hours of that meeting, but did not discuss the potential fraud at the time. The district’s chief financial officer, Patti Wormeck, participated in some segments of the meeting, as she routinely does, though it’s not clear if she was there throughout.
The superintendent “was briefed after the meeting and let them know after the meeting,” a district spokesperson said of the superintendent.
The release was limited because “we’re dealing with an active investigation, we’re trying to be limited on what we release,” Jason Wheeler, the district’s chief spokesperson, said. “If the FBI is involved, it wouldn’t be a small amount of money.”
The FBI investigates cyber crimes and financial crimes that cross state lines. Phishing Scheme typically don’t just cross state lines. They cross international borders, making recovery that much more difficult.
The soundness of the district’s finances and accounts in general is not affected, Wheeler said. “We want to assure the public there has been no data breach on our part and that all district information remains secure and protected,” the release said.
Rather, the potential fraud may be a case of vendor fraud–a bogus vendor posing as one doing business with the district, an increasingly common type of fraud across the country.
School Board Chair Cheryl Massaro, contacted this evening, said she was told as little as was made public. The superintendent, she said, “informed us that because it’s an active investigation, they can’t give us detailed info.”
For now, Staly said, no focus is off the table. “These are very technical investigations and very time-consuming,” he said.
JimboXYZ says
Need to know who in Accounting/Accounts Payable is making this kind of $ 700K mistake ?
c says
Maybe you should wait to find out the details before you start blaming an accounting clerk – who most probably had the proper paperwork/forms/authorizations (even though they were possibly faked or forged) to make the payment – and who DOESN’T have the responsibility nor capability of micro-managing every financial transaction ??
Pointing fingers without knowing the target is a politicians stunt , and I for one am tired of the idiotic baseless political circuses.
Willy Boy says
Throwing tax money off the back of the train. Bravo!
Atwp says
Tax payers will probably pay for the theft. If this county was hit I wonder about the rest of the schools in the state. Will the insurance pay the money back? Time will tell.
Mic says
Well tax payer is already paying for the personal expenses of the school board pets so nothing new
FLMom says
Curious what this is referring to?
BIG Neighbor says
So here’s a question…what changes have already bee implemented to ensure resiliency? There are some things that are appropriate at this time to release from our award winning cyber criminology and communications team. Other leaders in the community want to know. What lessons were learned and are continuing to learn to adapt? This would be more assuring than to read statements that disclose little detail other than frustration for citizens.
David Gardner says
I am surprised the school district did not report they have an authorized vendor list with approved bank routing and account numbers to wire funds too, and the proper approval of the project manager to have Accounts Payable pay the invoice.
dave says
The keys words in this article and so many more in the last few weeks. Flagler County School’s. Maybe an investigation into every darn employee and of course its leadership needs to be done. Too many issues and events points so many fingers at board members and school district leadership.
Jay Tomm says
All comes back to people being lazy & not doing their jobs!
One does not simply wire $700K without checks & balances……
And as a .gov they should have cyber insurance which will recoup the funds.
John says
OMG now what are they doing. This is the most unfunctional Board of Ed and nothing ever seems to get resolved. Time to fire all of them and start over.
protonbeam says
Simply NO REASON for this to happen. It was laziness, inattention and incompetence that plagues the school board and its administration …. time for a segregated assembly for the finance dept at the school – time for cheeseburgers or Jail …. but we can be assured of one thing – there will be ZERO accountability just like the City of Palm Coast, they celebrate success and bury failure
JimBob says
I bet the “Dingbat Troika” will blame this on Attorney Gavin before the week is out!
Roy Longo says
The three amigos were so worried about the FYO finances solely because of the leader’s last name. That proved to be a waste of time and effort. Now look what happened right under their noses. Shame on them.
Kendall says
This is an excellent point. I’ve wondered why no board member was upset that the district FAILED to track and audit one of their own programs. Absolutely nothing was said about it- which proves that the investigation into the FYO was not about district accountability, and instead about a personal vendetta Mr. Furry had against the Tristams.
If Mr. Furry had focused on the root of the problem this debacle could have been prevented. But I’m sure he and the other two stooges are deciding who will be on the hit list once they are done with Gavin. Who cares about over $700K when they have people to hurt.
Samuel says
Unbelievable.
Celia M Pugliese says
Coincidentally our very engaged on city and commission meetings while attending Monday 10/2 Commission meeting at minute 1.0129 spoke alerting the commissioners about the city of Fort Lauderdale about a 1.2 million fraudulent payment to a contractor supposed bill: https://www.youtube.com/watch?v=Bk6CmCyhozc&t=5084s
Laurel says
In the nearly 20 years I worked for a south Florida city, I got only one silly email from that “prince” who needed money to get out of jail in some foreign country. Our info dept was not so hot, but a couple years later we got a crack shot team that won awards.
Most, not all, email sites allow you to see on your computer who is really sending you the email. I got an email from, and I’m making up this name, Joe Smith, a contractor. By hovering over the sender’s email, and not clicking on it, [email protected], it stated [email protected] so I knew it wasn’t Joe. Same thing with a contact friend of mine, who I hadn’t heard from in a couple years. Again, I hovered my pointer over her familiar, contact email name, and again it was a [email protected] (If these show up as links, they are not real so don’t bother). Anyway, for the fun of it, I answered and stated how the heck are you? My supposed friend said “fine” and went off on needing a few bucks to get whatever. Man, did I give the phony an eye full! Never heard from the phony again.
At first, I thought the contractor’s email had been hijacked and told him so. Later, I figured it out that my email page had been hacked, and apparently, by some kids in some school (.edu).
Meanwhile, I get all kinds of bs texts from “Amazon,” “Verizon,” “Fedex” and so on, that do not come from the real companies. It’s all phishing. I report them and block them.
Thieves suck. The school’s IT needs to do a better job, as does the people in purchasing and budgeting.