PORTLAND, Ore. — In a letter to parents and staff Monday, Portland Public Schools announced it had mistakenly transferred $2.9 million to a fraudulent account. The account was disguised as that of a PPS construction contractor.
The district was made aware of the fraud Friday and has been working with the FBI and Portland police to figure out how this happened.
The bank was able to freeze the funds before the scammer withdrew the money, and on Tuesday morning, PPS announced the entire amount had been securely returned to the district's accounts.
Two district employees are on paid administrative leave during an investigation.
PPS said they did not commit any crimes. The fraud appears to have come from an outside source.
While exactly how this happened remains under investigation, a cyber security expert said cases like this often start with a phishing email sent to someone high up in an organization or company.
The email may ask the person to reset their password, or verify some information, and then sends them to a fraudulent website.
Once they enter the information there, the scammers have access to their email account.
They can then send an invoice that looks like it comes from a source the company often does business with, but it's in fact from the scammers.
Cybersecurity expert Kerry Tomlinson of Archer Security Group told KGW the scam perpetrated on the school district is unfortunately very common now. Businesses lose over $300 million a month, she said.
"The person gets the email and enters a password," she said. "The scammers have total control of the email account and they will create fake invoices from that email account often from outside companies. This is a very successful scam. It's very rampant."
PPS is reviewing all of their payment procedures and all district staff will get updated fraud awareness training to try and prevent this from happening again.
The district is also reviewing previous transactions and their vendor account management system.
Full text of the statement from Portland Public Schools
UPDATE: PPS is pleased to announce that the entire amount (approximately $2.9 million) of district funds has been securely returned to our accounts as of this morning.
Please see original message sent to the PPS community yesterday:
A message from Superintendent Guerrero
August 19, 2019
Dear PPS Staff and School Communities,
We want to let you know that Portland Public Schools has been working since Friday with law enforcement and financial institutions in response to a banking crime involving the district. Fortunately, we have confirmed that the banking institutions involved have frozen the approximately $2.9 million in district funds that were transferred to a fraudulent account disguised as the account of a legitimate PPS construction contractor. PPS has already begun the process to recover and fully return the funds back to the district, likely within the next several days.
Once we were made aware of this fraudulent transaction on Friday, we immediately notified law enforcement, including the FBI and Portland Police Bureau, as well as the Board of Education. We also began an internal investigation to determine the origin of this transaction and how and why the transaction was processed by PPS.
Following standard procedure, two district employees involved with processing the transaction were placed on paid administrative leave, pending a full investigation. Initial information indicates that the fraud was perpetrated externally and no district employee engaged in criminal activity; however, the district is implementing best practices to investigate this case thoroughly.
All district payment procedures and internal controls are being reviewed, additional protocols and actions have already been identified, and all district finance staff will receive mandatory, updated training this week to reinforce protocols and to ensure updated procedures are in place to prevent incidents like this from occurring. We have conducted an initial review of previous transactions, as well as a review of vendor account management and fund transfer protocols. In addition, we have updated our fraud awareness training materials.
All of this is being followed by a full, independent, external investigation involving outside experts from the fields of online security, financial processes and controls, and workplace fraud. Additionally, the district’s external auditor will independently review our financial controls and vendor management protocols.
We are treating this incident with the utmost seriousness. We will continue to cooperate fully with law enforcement to protect school district funds and to apprehend the perpetrators. We thank Portland Police, the FBI, and our partners at Wells Fargo for their quick response and assistance they have extended to PPS over the last four days. Unfortunately, school districts and educational entities around the country have increasingly become targets of financial fraud and cyber security threats. We will use this instance to further strengthen our financial controls and plan to share our experience with other school districts.
Sincerely,
Guadalupe Guerrero
Superintendent