FBI and Webster police investigate after scammers steal $540k from town using contractor’s info in complex phishing scheme


WEBSTER, N.Y. – The Town of Webster sent scammers more than $500,000 in a phishing scheme and now town leaders and police are scrambling to claw back some of the taxpayer cash.

The fraud happened back in November but was only made public on Thursday.  The scammers apparently posed as a contractor that the town legitimately works with and sent an invoice using letterhead, logos, the real names of employees and what looked like authentic email addresses and bank account information for payment.    

“Webster is in the middle of major projects infrastructure wise, we have Coke-Fairlife coming to town, our sewer plant that’s going to be supporting that is in the middle of an $80 million dollar renovation, we’re building a new highway garage that’s $20+ million,” says Tom Flaherty, Supervisor of the Town of Webster.

It wasn’t until about 12 days after the invoice was paid that the town realized there was a problem.

“The way that we found out is that the contractor called us and said ‘hey when are you going to send us that $500k+ money’ and we’re like, we did,” Flaherty says.

Webster police were able to freeze the account where the money was wired and there was still $300,000 in it.

“I think they might have had the money in there because they were taking it out slowly as to not raise any red flags and we got them before they got it all out,” Flaherty says.   

That money will be recouped and the other $240,000 will be covered by the town’s cyber insurance policy. “This is a very complex, sophisticated scheme,” Flaherty says.

Jennifer Lewke, News10NBC: “If it was so comprehensive and sophisticated, then how do you ensure it doesn’t happen again?”

Tom Flaherty: “We really kind of augmented our policies and procedures and as often happens, they’re probably over cautious now, like triple or quadruple authentication.”

Jennifer Lewke: “There were two months essentially where this happened, you’re figuring out what to do with it and taxpayers didn’t know about it. How come you didn’t tell people right away?”

Tom Flaherty: “That’s a pretty easy answer because when you talk about the ongoing criminal investigation, if we would have come out and told this to the world the day after it happened it would have put us in risk of not being able to recoup money.”

The criminal investigation into this situation continues; both Webster Police and the FBI are investigating.

Q and A provided by Town of Webster on Incident:

Town of Webster – 2024 Phishing Incident Questions and Answers

Q: How long did it take to discover the fraudulent activity?

A: The fraudulent activity was discovered by Town staff twelve days after the payment was sent.

Q: Why was this information not released immediately after the incident?

A: The matter was actively under investigation by law enforcement, our banking institution, and insurance provider and could not be made public immediately. This theft was part of a complex scheme and took time to uncover the information the public needed.

Q: Who is responsible for the money?

A: The Town of Webster is responsible for the loss. Fortunately, we are successfully working with law enforcement and insurance on a plan for recovery of lost funds.

Q: Have any losses been recovered through investigation or insurance?

A: $300,972 has been seized by the Webster Police Department (WPD) through its criminal investigation. In addition, the Town has been authorized to receive up to $240,000 through its cyber insurance policy.

Q: What is cyber insurance?

A: Cyber insurance is used to help protect against losses resulting from a cyber-attack or incident.

Q: How does this impact the general budget?

A: The 2025 operating budget will not be impacted by this incident.

Q: What immediate actions did the Town take in response to this incident?

A: Immediately after becoming aware of this incident, the Town of Webster took action to mitigate any negative impacts. This included:

• Criminal investigation: Webster Police Department immediately began a criminal investigation in regard to the fraudulent activity. This investigation led to the authorized seizure of $300,972 by the Webster Police Department. WPD continues to work with the offices of the FBI and District Attorney on this investigation.

• Insurance claims: The Town communicated with its insurance agent and provided all necessary documentation to move forward with claims.

• Cybersecurity efforts: Webster’s IT Department was informed of the fraud, which triggered a review of the incident. An analysis was completed to ensure that the Town’s computer network was not hacked and to check for vulnerabilities.

• Communication with the Town’s Bank: The Town of Webster immediately reached out to the bank where the payment originated. The bank attempted to recall the payment, but it was outside of five business days, so it was not possible. The Town received all necessary supporting documentation from the bank to investigate this matter.

• Collaboration with the Contractor: The Town of Webster and the contractor have worked collaboratively in identifying the cause of this incident.

Q: What local, state, and federal agencies were/are involved with the investigation?

A: The Webster Police Department and the FBI are conducting a joint criminal investigation. The Monroe County District Attorney’s Office has aided in the investigation.

Q: Is the Town confident that no other cyberthefts have occurred?

A: The fraudulent activity was reported to Webster’s IT Department immediately after being discovered. The IT Department performed a review of all Town accounts and IT-managed systems; this review showed that no accounts or systems had been compromised.

Q: What is the Town doing to avoid being a victim of another phishing incident?

A: The Webster IT Department has made several recommendations in an action plan to prevent future phishing incidents. This action plan includes several procedures currently in place and adhered to by Town staff. In addition, the Finance Department has reviewed all existing internal controls in regard to vendor payments and has added procedures and additional levels of review to tighten existing controls.

*A.I. assisted with the formatting of this story.*