A district court judge sentenced a man accused of stealing nearly $700,000 from the City of Fort Worth to 12 years in prison.
The accused, who pled guilty to theft of property greater than $300,000, allegedly stole the money through a phishing email scam.
Fort Worth's accounts payable department received a change of account request in October of 2017. The spam email claimed to come from two Imperial Construction employees, one of whom was an actual person. The email requested that the department change the construction company's electronic deposit to a Chase Bank account and included a copy of a check with the account and routing numbers. Imperial Construction later told authorities that the signature of the real employee had been forged.
The city changed the bank account, believing that Imperial Construction had changed banks. According to the affidavit, the scammer had access to the new account and withdrew thousands of dollars in cash from ATM machines in Houston.
After withdrawing the total - $693,625.77 - in the bank account, the 50-year-old man flew to Nigeria. He later returned to the U.S. and was arrested in Houston.
A terminated senior city IT manager filed a lawsuit, claiming the city mishandled the phishing scam. He also claims that the city allowed employees with criminal convictions access to a confidential FBI criminal database and allowed anyone to access employees' medical and personal information.
The plaintiff allegedly told the city's acting chief financial officer and acting chief technology officer that the city's cybersecurity had been compromised. The lawsuit claims they rejected the plaintiff's remediation proposal because it would have required City Council approval and public disclosure.
The plaintiff claims he was placed on administrative leave and then terminated in retaliation for reporting the security breaches to law enforcement after city officials failed to act. Emerson Clarridge "Court Sentences Man Who Stole $700K in City Phishing Scam" govtech.com (May 14, 2021).