Last Updated: 9:28 p.m.
The Flagler County school district was the target of electronic fraud involving what Flagler County Sheriff Rick Staly described as a “pretty significant amount of money,” in a scheme having all the makings of phishing–a common method by fraudsters of impersonating familiar contacts either to induce a swindle or to make the recipient reveal sensitive financial information.
The Flagler County school district late today issued a cryptic press release that stated the district had uncovered “an electronic transfer of funds to a possible fraudulent vendor bank account,” triggering an internal investigation and contact with the FBI and the Flagler County Sheriff’s Office. The release was issued at 7:20 p.m. Superintendent LaShakia Moore informed school board members individually of the matter in early evening, by email and by individual phone calls.
FlaglerLive has learned, but has not confirmed, that the sum involved is around $700,000, and that the money was intended as payment to a contractor or a vendor involved in the ongoing expansion at Matanzas High School, a $22.6 million project on which it broke ground in late July. It did not reach its intended recipient, and the scheme may not have been uncovered promptly enough to enable recovery.
It isn’t clear if, like many corporations now do, the district has insurance to protect against such schemes, or how it will make up the money if it is not recovered. The school board will have to be apprised and discuss the next steps–in open, public sessions: this is not the sort of matter it can legally discuss behind closed doors.
“The message is that we’re looking at our processes, we’re taking a close look at our processes,” Wheeler said, which again hints at what may have gone wrong: Phishing is a preying method that exploits vulnerabilities, a lack of awareness or detection of what subsequently turns out to be obvious fraud.
No one inside the district has been suspended or placed on administrative leave, Wheeler said.
“I don’t know when the school district determined when they were a victim, so timeliness of taking a report and timeliness of taking action is critical in these kinds of investigations,” Staly said. He would not confirm the sum of money or the nature of the payments, saying the investigation is in its earliest stages.
“What I can confirm is late this afternoon, virtually at the end of the workday,” Staly said, “school district reported an allegation of wire fraud to the Sheriff’s Office, and involving a pretty significant amount of money. I cannot confirm that another agency is involved because I don’t know who else the school may have reported it to. We know they have reported it to us.”
The district may have lost some time reporting it to the Sheriff’s Office: the fraud was discovered this morning, a district spokesperson said, so several hours passed before the Sheriff’s Office was informed–a critical lapse in the sort of cases that are compared to missing-children cases: the earliest hours matter the most.
The sheriff recalled a case of phishing when he was vice president of the Ginn Corporation, in charge of its security companywide, in and out of Florida. “They were the victims of a phishing virus, but the CFO did not realize they were a victim so it was not reported” to Staly for days. By the time it was, he determined what had happened, “but I was unable to recover the money because it had been wired to Latvia. Then a week or so later they had another hit. This time the CFO realized what was going on, in a more timely fashion, and notified me, and I was able to get half the money back before it went to its destination. I’m not saying that’s the case here, because it’s a very preliminary investigation. all I can tell you is this is how these frauds work, and timeliness in reporting the case is critical in recovery.”
Staly said the Sheriff’s Office only has jurisdiction in Flagler County, “and most of these criminal enterprises are based in other countries.” He also noted: “Unless it reaches millions and millions of dollars, the federal agencies have so many reports, they don’t go the full mile of the investigation. But it could be different in this case, this could be tied to a bigger overall case. I don’t know at this point. We will work it, and work with our federal partners if appropriate.”
Staly stressed that he was speaking in hypotheticals, and providing examples dating back more than a decade. Hypothetically, the present case could be phishing, “that could be it, hypothetically it could be a virus that infected a computer, so there’s many different ways these kinds of frauds are perpetrated,” the sheriff said.
The school board was scheduled to hold a 1 p.m. closed-door session to discuss litigation. The session, which was to have been led by School Board attorney Kristy Gavin, was cancelled, as Gavin and Moore had both been called away to deal with the fraud case.
The board did meet for its regularly scheduled workshop at 3 p.m. Gavin was conspicuously absent, though Moore attended the full three hours of that meeting, but did not discuss the potential fraud at the time. The district’s chief financial officer, Patti Wormeck, participated in some segments of the meeting, as she routinely does, though it’s not clear if she was there throughout.
The superintendent “was briefed after the meeting and let them know after the meeting,” a district spokesperson said of the superintendent.
The release was limited because “we’re dealing with an active investigation, we’re trying to be limited on what we release,” Jason Wheeler, the district’s chief spokesperson, said. “If the FBI is involved, it wouldn’t be a small amount of money.”
The FBI investigates cyber crimes and financial crimes that cross state lines. Phishing Scheme typically don’t just cross state lines. They cross international borders, making recovery that much more difficult.
The soundness of the district’s finances and accounts in general is not affected, Wheeler said. “We want to assure the public there has been no data breach on our part and that all district information remains secure and protected,” the release said.
Rather, the potential fraud may be a case of vendor fraud–a bogus vendor posing as one doing business with the district, an increasingly common type of fraud across the country.
School Board Chair Cheryl Massaro, contacted this evening, said she was told as little as was made public. The superintendent, she said, “informed us that because it’s an active investigation, they can’t give us detailed info.”
For now, Staly said, no focus is off the table. “These are very technical investigations and very time-consuming,” he said.