Post Content

EXCLUSIVE: $184K Stolen From City in Suspected Phishing Scheme

Alexandria Police are investigating the theft of nearly $184,000 from the city’s finance department in a suspected phishing scheme.

On Jan. 28, the department made a payment of $183,956.10 to what it believed was Integrity Construction Services, a vendor to Alexandria City Public Schools. The president of the company, Alex Lucas, told police that he is the victim of a phishing attack. The payment was actually sent to an unknown cyberthief.

Police were notified of the theft on Feb. 5.

“The suspect sent and received multiple emails from Mr. Lucas’ account until he was able to get in contact with someone from City of Alexandria Finance,” police reported in a search warrant affidavit. “From there, the suspect successfully changed the method and destination of payment for Mr. Lucas’ contract with the City of Alexandria.”

The finance office, which is located at City Hall (301 King Street), started receiving fraudulent emails last October requesting a change from a paper check payment to electronic funds transfer. An accounting manager with the city took multiple steps to verify the account information. The first email to the finance office was sent on Oct. 18, 2019, and the office continued to receive emails until Feb. 5, 2020, documents show.

The individual portraying themselves as a representative from Integrity Construction Services communicated via email and sent a voided check at the request of the account manager, according to police. The voided check showed the name of the vendor, but the account belongs to a woman in South Carolina.

Police spoke with Lucas, who told them he had no knowledge of what transpired, and subsequently hired an IT consultant who determined he was the victim of a phishing scam.

“The suspect who successfully phished Mr. Lucas’ email address gained access and established rules with the Outlook 365 program Mr. Lucas used,” police reported in the affidavit.

Alexandria spokesman Craig Fifer said that the city was not the victim of a phishing attack.

“The city provides training to all employees on how to avoid phishing attacks, and this was not a case in which the city was the victim of a phishing attack. This was a breach on the vendor’s side,” he said. “The city and ACPS are reviewing our vetting practices to improve those controls and keep this situation from happening in the future.”

Fifer added that the city is still in the process of paying the vendor.

“It’s slightly delayed by the investigation, but we’re in the process of making that payment,” he said.

If the thief is caught, he or she could face felony charges punishable by up to 20 years in prison.

Recent Stories

Updated at 6 p.m. Old Town residents and business owners are up in arms for not being officially notified of a route change for the George Washington Birthday Parade on…

As rainfall travels down the hills of the Parkfairfax neighborhood, the momentum sweeps it past the slim gutters meant to catch the water, propelling it further downhill to devastating effect….

Cloud is a 10-year-old black and brown medium-haired cat searching for her forever home. Currently up for adoption at the Animal Welfare League of Alexandria, she has a decade of…

A 23-year-old Lorton man was charged with driving while intoxicated after allegedly crashing into four cars in Old Town. The crash occurred near the intersection of S. Patrick Street and…

Hi, my name is Moneim Z., and I am a blind male with chronic kidney disease, who needs a living kidney donor for a transplant. My blood type is B+, and I can accept a kidney from individuals who have blood types B and O.

To read my story, please see the attached letter.

To contact me directly, please email me at [email protected] or call at 571-428-5065. My living donor coordinator at INOVA Hospital, Amileen Cruz can be reached at (703) 776-8370 , or via email at [email protected]

Thank you!

Read More

Submit your own Community Post here.

×

Subscribe to our mailing list