BOSTON (CBS) – The Massachusetts Clean Energy Center mistakenly wired $93,679 in public funds to a criminal’s bank account, according to a new report by the state auditor.
The quasi-state agency is yet another victim of a sophisticated cyber scam highlighted in a WBZ I-Team story in May.
The scheme is responsible for $5 billion in losses globally and targets everyone from big businesses to individual homeowners. As the I-Team previously reported, the Town of Brookline nearly lost taxpayer money to the scam last year.
According to the audit by State Auditor Suzanne Bump, leaders at the MassCEC were slow to report the fraudulent transfer to law enforcement and their board of directors. As a result, the agency only recovered $25,261 in stolen funds.
A spokesman for MassCEC told the I-Team the agency has since taken a number of steps to prevent future issues including requiring all employees to take an annual IT security training course and implementing additional controls around verification of wire transfers.
“The Massachusetts Clean Energy Center takes seriously its responsibility as a steward of public funds and, upon discovering a fraudulent wire transfer in February 2017, immediately engaged in a comprehensive internal review and implemented a number of new processes designed to identify fraudulent activity and prevent theft,” read a statement from MassCEC spokesman Craig Gilvarg.
The MassCEC uses the proceeds of the Renewable Energy Trust to fund its operations. That account is funded through a surcharge paid by utility company ratepayers.
The scam can be successful because it targets people’s tendency to only communicate via email. Online hackers lead victims to believe they are communicating with their boss, a title company, or a home contractor. The criminal then sends payments instructions for a fraudulent bank account.
For instance, a Bourne homeowner thought he was speaking with his contractor about a basement renovation project, and lost $10,000.
The FBI said the easiest way to avoid becoming a victim is to verify wire transfers over the phone or in person before sending the money.
Ryan Kath can be reached at firstname.lastname@example.org. You can follow him on Twitter or connect on Facebook.