IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Colorado County Recovers Nearly $238K Lost to Scammers

A detective with the Boulder County Sheriff's Office Digital Forensics Lab was able to trace the funds lost in a spear phishing attack to a U.S. bank account and freeze it late last year. The funds have since been recovered.

hacker_shutterstock_294978146
Shutterstock/GlebSStock
(TNS) — Boulder County was able to recover the almost $238,000 it mistakenly sent to a fraudulent account after a phishing scam in September.

In September, hackers acting as a vendor for the county sent a spear phishing email to the county, which resulted in a check for $237,241.18 being "sent incorrectly."

According to a release from the Boulder County Sheriff's Office, a detective with the sheriff's office assigned to the Boulder County Digital Forensics Lab was able to trace the funds to a U.S. bank account.

Investigators were able to freeze the funds in the account, and on Dec. 7, the full amount of the check was returned to Boulder County.

The investigation into the incident remains ongoing.

"Boulder County has a cybersecurity program which is committed to defending the community's resources from all kinds of fraud and cybersecurity threats," the release read. "Our cybersecurity incident response was able to collect and provide a full report on the spearfishing incident to the Boulder County Sheriff's Office, United States Secret Service and JPMorgan Chase & Co's fraud team so they could carry the investigation forward.

"Boulder County continuously improves its security and fraud prevention safeguards, and this incident has prompted several improvements. County accounting teams have received additional training to identify vendor impersonation fraud and how to request help with verification of suspicious requests. An independent verification step has been added to our vendor payment instruction change process. Finally, our email security tools have been configured to warn users about email domains which are newly registered, and those which are only one or two characters different from our partner organizations."

The U.S. Secret Service and the Penn Township Police Department in Pennsylvania assisted with the investigation.

©2023 the Daily Camera, Distributed by Tribune Content Agency, LLC.