In March, the Johnson County Board of Education in Tennessee fell victim to a business email compromise (BEC) scam that led to a loss of $3.4 million. A finance director in the district, believing they were corresponding with a legitimate Pearson representative, received fraudulent emails from an imposter using a look-alike domain, “pearson.quest.” These exchanges culminated in two wire transfers, totaling $3.36 million, being sent to a Wells Fargo account, which was linked to the scam. The funds were drawn from the Tennessee Investment in Student Achievement program, designed to support public education.
Nearly two weeks later, the school district’s bank detected suspicious activity and alerted the Johnson County Schools Director. By the time the fraud was identified, the stolen funds had been transferred through multiple accounts. A U.S. Secret Service investigation tracked the money to a 76-year-old Texan named John Crowson, who admitted to managing the accounts but claimed he had done so for a romantic partner. This partner, allegedly overseas due to personal matters, convinced Crowson she needed his help managing inherited funds. Other individuals linked to the stolen money shared similar stories of online relationships that turned out to be scams.
Such schemes, involving unwitting participants called money mules, are a common tactic for laundering funds stolen in BEC scams. The FBI has repeatedly warned about BEC scams, which involve fraudsters targeting employees with spoofed or hacked accounts to trick them into transferring money. In 2023, these scams accounted for $2.9 billion in U.S. losses. School districts, often handling large budgets and reliant on email communications, are frequent targets. Similar scams, like one in New Haven, Connecticut, resulted in losses of $6 million, though a significant portion was later recovered.
Despite the Johnson County Board of Education’s quick response, only $742,000 of the stolen funds have been recovered. The incident underscores the vulnerability of educational institutions to sophisticated cyber fraud. With increasing reliance on digital communications, experts emphasize the need for heightened vigilance and robust cybersecurity measures to protect against evolving threats like BEC scams. The Johnson County district continues to manage the aftermath, while law enforcement seeks to prevent such crimes in the future.
Reference:
