Thieves scam state of Utah of $2.5 million

The theft of a vendor number for the University of Utah's design and construction department led to a scam that resulted in the loss of almost a million dollars before it was uncovered. More than half of the $2.5 million already transferred were frozen and subsequently recovered, though almost a million dollars were already gone by then.

The entire fiasco started with what appears to be a keylogger spyware that was transmitted via email to the chief financial officer of an Ohio insurance firm. With the vendor number in hand, the perpetrators forged the signature of the department's director and submitted paperwork to the state of Utah changing the department's bank account information to a Bank of America account in Texas--which appears to have been a front account.

Fraudulent invoices were submitted on behalf of the University of Utah, which was paid by the state. The thieves reaped $2.5 million before the bank called to inquire about the suspiciously large payments that were going to a single account.

Michael Kessler, who is the president of Kessler International, a forensic accounting and investigation agency in New York City, said the thieves appear to have used a simple scam that originated in Nigeria. However, the Utah theft is the first time Kessler has seen a government victimized.

Kesslar's attitude was unforgiving after reviewing a copy of the search warrant.  He said, "Their IT people should have known better.  It sounds like any kid could have done this."

For more on this story:
- check out this article from The Salt Lake Tribune

Related Articles:
Malicious activity news from FierceCIO