Breaking News
More () »

Boulder County recovers $237K lost in phishing scam

The county said in September that one of its vendors had experienced a cyberattack, leading to the county sending more than $237,000 to a fraudulent account.

BOULDER COUNTY, Colo. — Boulder County has recovered the more than $237,000 that the county mistakenly sent to a fraudulent account last year, the Sheriff's Office said.

The county said in September that one of its vendors had experienced a cyberattack, which allowed hackers to access information from the vendor to create a spearfishing email. The email to the county appeared to be from the vendor, which led to a check being incorrectly sent to a fraudulent account, the county said.

The county said at the time that it had insurance for criminal activity, and that insurance was expected to cover most of the loss after the investigation was completed.

The Sheriff's Office said Tuesday that a sheriff's detective who is assigned to the Boulder County Digital Forensics Lab was able to trace the funds to a bank account in the United States. 

The money was still showing as an available balance, the sheriff's office said, and investigators were able to freeze it in the account to keep it from being moved.

In December, $237,241.18 was returned to Boulder County. That's the full amount of the check that was initially given to the hackers. 

"Boulder County has a cyber security program which is committed to defending the community's resources from all kinds of fraud and cyber security threats," the sheriff's office said in a news release. "Our cyber security incident response was able to collect and provide a full report on the spearfishing incident to the Boulder County Sheriff's Office, United States Secret Service, and JPMorgan Chase & Co's fraud team so they could carry the investigation forward."

The county said they've taken steps to help prevent similar incidents, including additional training for accounting teams, a new verification step for vendor payment instruction changes and new email security features. 


Before You Leave, Check This Out