Baltimore city officials are working quickly to implement safeguards after over $1.5 million was stolen from the city’s payment system. The fraud was first flagged by a bank that received two large payments from the city, one for $803,000 and the other for $721,000. The $721,000 payment was reversed, but the $803,000 payment, which was cashed in February, has not been recovered. Officials believe the fraud was perpetrated by someone who impersonated a vendor over several months of email correspondence.
The fraudster contacted city officials as early as October or November, providing the necessary documentation to change the vendor’s bank account. This included voided checks and the company’s tax identification number, making the fraudulent account change appear legitimate. Baltimore had recently moved parts of its vendor payment system online to streamline processes and increase transparency, but the system’s ease of use allowed the fraudster to exploit vulnerabilities. Despite the scheme, no work has stopped due to the missed payment, and the city plans to issue a new payment to the vendor.
City officials are now exploring new internal controls in response to the incident, including recommendations from previous inspector general findings. One possible change is implementing automatic notifications to vendors at various steps in the payment process. The fraudster also bypassed the city’s geofencing system, which was designed to monitor mobile devices or IP addresses, by using a Starlink satellite internet network to cover their tracks. This highlights the need for improved vigilance and more advanced security measures to stay ahead of fraudsters.
While no other vendors have reported similar issues, the city has advised all vendors to verify their account information in the payment system. Officials are determined to strengthen their systems to prevent future fraud and maintain transparency. Despite the efforts to improve safeguards, city officials have acknowledged that there will likely always be some loopholes that could be exploited in the system.