- Audio Recording
- Audit Release Advisory
- Events and Training
- Financial Audits
- Findings for Recovery
- Fiscal Caution, Watch, and Emergency
- Performance Audits
- Policy and Legislation
- Public Integrity
- Public Notices
- Public Records
- Unauditable Declaration
Auditor Yost Warns of Cybercrimes Targeting Local Governments
Auditor Yost discusses recent cyberattacks against local governments at a press conference on June 9, 2016.
Columbus – Auditor of State Dave Yost today warned treasurers, fiscal officers and others responsible for spending public money that cybercrimes targeting government are on the rise and urged them to be on alert.
“We’ve all seen and heard about the criminals who try to steal our personal funds. These scammers would like nothing more than to get their sticky fingers on our tax dollars, too,” Auditor Yost said. “We need to be vigilant because they are becoming increasingly sophisticated in how they attempt to steal money through the internet.”
The cybercrimes vary in how they scam individuals and governments, but typically involve an email – a practice known as ‘phishing’ – that contains either a link or an attachment that, when opened, infects computers or entices the recipient to share account information and passwords. Some of the attachments launch viruses that essentially take data hostage until a ransom is paid (known as ransomware).
Yost’s warning was prompted by several recent attempted scams, including one involving the Big Walnut Local School District in Delaware County. In early May, an employee in the treasurer’s office received an official-looking email from the treasurer asking that a vendor be promptly paid. The email had all of the markings of a district email, including the appropriate email address and letterhead. The employee and an individual who appeared to be her boss exchanged several emails to answer questions before the transfer of $38,520 was made.
“Some of these scam artists can make your eyes deceive you,” Auditor Yost said. “You need to be vigilant, especially if a proposed transaction originates from an email. When dispersing funds online, we must verify first, then trust.”
Yost called on local governments to:
- Review how their contact information is publicly displayed and consider removing email addresses to reduce the number of targets available to scammers;
- Create established procedures for regular updates of anti-malware software and backing up of data; and
- Establish defined protocols for anyone dispersing public funds, especially when the requested transfer is initiated by email.
Authorities continue to investigate the crime at Big Walnut schools, which has already implemented new policies governing this type of transaction. Fortunately, no taxpayer dollars were lost as all of the money was recovered through direct recovery and other means.
Other communities have been victimized as well:
- An investigation continues in an eastern Ohio county after the county’s court data was attacked by ransomware on May 31. A virus had encrypted the court’s data and hackers demanded $2,500 for the key to unlock the information. Because a recent copy of the data wasn’t available, the county agreed to pay the $2,500. (Note: Because the transaction is ongoing, we are not identifying the county.)
- A similar ransomware attempt was made April 5 in Vernon Township (Clinton County). That cyberattack did not result in the payment of any ransom because the township’s data was backed up.
- In Peru Township (Morrow County), the township fiscal officer’s computer began screeching on March 9 before a notice appeared on the screen advising that a solution was available by calling an 800 number. The township paid $200 to stop the attack.
- In Madison County, the Agricultural Society was scammed out of $60,491 through someone posing as the IRS, collecting back taxes. The incident occurred in September.
“The internet is the tool of choice for criminals, and we need to make it as difficult as possible for thieves to access community treasure chests,” Yost said.
More information about cybercrime is available here.
The Auditor of State’s office, one of five independently elected statewide offices in Ohio, is responsible for auditing more than 5,800 state and local government agencies. Under the direction of Auditor Dave Yost, the office also provides financial services to local governments, investigates and prevents fraud in public agencies and promotes transparency in government.
Director of Communications