Web Scam Bilks State of Utah Out of $2.5M 138
KitB sends in a story in the Salt Lake Tribune that tells of a Web-based scam, resembling some used by Nigerian gangs, that snared the state of Utah. $2.5M was sent to a bank account in Texas before the bank raised a question and then froze $1.8M in the account. "Thieves apparently used a Nigerian-based scam to steal $2.5 million from the Utah treasury, covering their tracks by using intermediaries and a church address. A Salt Lake Tribune review of the names listed in a search warrant as receiving or transferring money [found] names of African origin or connections to that continent. Michael Kessler, ... a forensic accounting [investigator] in New York City, said the thieves appear to have used a simple scam that originated in Nigeria about five years ago. The Utah theft is the first time he's seen a government victimized. 'Their IT people should have known better,' Kessler said after reviewing a copy of the search warrant Thursday. 'It sounds like any kid could have done this.'"
Re:Everyone (Score:5, Informative)
*sigh* can't you read TFA? There wasn't a scam like the Nigerian scams - this is more a case of someone forging invoices.
Essentially, the scammers changed the bank details for the University of Utah, and submitted invoices. The state paid them. Yes, the state was slack and had poor procedures for identifying and preventing fraud, but it wasn't one of the 419 scams. Importantly, there doesn't appear to have been an element of greed on the scamee's part.
This was a scam technique that originated in Nigeria. It wasn't the Nigerian 419 Scam. Strangely enough, Nigeria has been the origin of more than one type of scam.
Re:Inside job? (Score:3, Informative)
Re:Everyone (Score:1, Informative)
No, the dollar is just a symbol, it's usually pronounced "two point five million dollars." Although one might say "two and a half million dollars."
Re:So why didn't God intervene? (Score:2, Informative)
Mormons don't have a collection plate.
Re:Blame the IT guys? What a prick. (Score:3, Informative)
I agree. The IT guys here are the last people who should get the blame here.
Utah was one of the first government to allow an "electronic identity" for commerce, and that may have been one of the sources of problem here in terms of somebody forging an identity to switch bank accounts of a vendor. But the blame is not with the guys running the servers but rather the lame procedures requiring only an SSN and mother's maiden name to have your identity "confirmed" electronically.... if even that much information was used to change the vendor routing number.
Re:This is about purchase orders, not bank account (Score:5, Informative)
If this was a purchasing issue, why does the article quote the interviewee as suggesting, "Their IT people should have known better,"
The interviewee is quite possibly a douche nozzle.
Re:How is that Nigerian? (Score:3, Informative)
Possibly it's the way they arranged for the change to the bank details of a legitimate organisation? Dunno. The article said the scam originated in Nigeria. I was just pointing out that this wasn't a 419.
Re:Stupid, Incompetent bureaucrats? (Score:3, Informative)
Re:How is that Nigerian? (Score:5, Informative)
This is a multi-part scam. What occurred with the state of Utah had nothing to do with Nigeria at all. That is just tabloid journalism where they mention something catchy in the title to get people to read an article that might otherwise be uninteresting.
Part one was where the scammers used an entity that was already billing the state of Utah and faked invoices with bank accounts changed to funnel the money to the scammers instead. The University of Utah was obviously known to the state and it was not unusual for them to be submitting large invoices.
Part two, and this is the Nigerian component, was using a person's greed to accept what is sometimes illicit funds in order to receive a share. That's classic Nigerian. I know where there is 10,000,000$ USD but I need your help to access it. In return for your bank account details and cooperation I agree to give you a "commission".
The people who created the bank accounts where the state of Utah funds were deposited into were the victims of the "Nigerian" fraud. Although, it's not exactly clear that they were actually victims in the sense that they lost money.
The part that is disappointing is not the "country bumpkins" that cooperated in receiving the money, but the accountants working for the state of Utah that did not have the sense to check bank account numbers against an approved list before transferring millions of taxpayer dollars.
Re:How is that Nigerian? (Score:2, Informative)
You would have thought that the billing/payment system in use would manage the bank account details separately. I.e., a bill comes in, it gets added to the accounting system, and a payment is flagged as due to the university, which then gets paid using the University's details stored on the system already. And any "change of details" letter would of course involve a double check with the institution.
I can't believe that a system would exist whereby they would manually transfer the money to the details on the invoice, in 2008/9. That is so trivially open to abuse of the exact kind that happened in this case. I only believe that it didn't happen before because nobody thought that any place set up to be paying millions of dollar invoices would actually have such a system. Maybe for $1000 bills, but anything higher should be restricted to transferring money to bank details that are set up in the system at the time the account is first opened.
So the blame for all of this does not fall on the IT guys (indeed how are they culpable for a fraud that involves physical invoices and the finance team) but the people that researched, bought and set up the current bill paying infrastructure - i.e., the finance team.