A hacked email and a 'romance scam' helped thieves siphon US$13mil from US schools, officials say

In the second part of the scam, officials said, the thieves preyed on a recently widowed Florida woman through a fake e-Harmony online dating profile. — 123rf.com

International thieves siphoned US$13mil (RM58.29mil) in state aid from the Chester Upland School District last year in an intricate plot involving hacked emails, cryptocurrency, and a sham e-Harmony romance with a Florida widow, officials said Friday.

Following a "long and complex investigation," Pennsylvania State Treasurer Stacy Garrity and Delaware County District Attorney Jack Stollsteimer said that around US$10.3mil (RM46.19mil) of the missing state subsidy money had been recovered and returned to the school district.

Chester Upland School District says millions of dollars are missing. The DA has launched a probe.

But around US$3mil (RM13.45mil) was laundered into cryptocurrency and remains missing, with the thieves responsible being investigated by federal authorities, according to Stollsteimer. No charges have been filed, and Stollsteimer declined to answer questions about the ongoing federal investigation and the hackers' identities.

"The people who shouldn't be victims here are the students of the Chester Upland School District, one of the poorest districts in Pennsylvania," Stollsteimer said. "We need to convince the commonwealth and the Department of Education to make them whole."

The Chester Upland School District — home to around 7,200 public school students, including those who attend charters — has been under financial receivership by the state since 2012.

The scheme occurred in two parts, detectives from the Delaware County Criminal Investigation Division found. First, hackers with ties to Nigeria compromised the school district's email systems, hacking in and gaining control of an employee's account.

Stollsteimer declined to comment specifically on how the hackers were able to access the school employee's email account, citing the active federal investigation into the fraud. There was no evidence that any employee of the school district was involved in the scheme, he said.

Using the compromised email account, hackers were able to send legitimate-looking emails to the state Comptroller's Office, requesting a change in the bank account from which the payments to the district from the Pennsylvania Department of Education are deposited.

Between December 2020 and February 2021, 25 payments were diverted to the hackers' account, according to Garrity.

In the second part of the scam, officials said, the thieves preyed on a recently widowed Florida woman through a fake e-Harmony online dating profile. They persuaded the woman, who had banking experience, to act as a "money mule," transferring the stolen funds through bank accounts and eventually into cryptocurrency.

"Thanks to quick action by the treasurer's office, this audacious attempt to steal from the schoolchildren of Chester and the taxpayers of the commonwealth was thwarted," Stollsteimer said. "The scope and complexity of the scheme are, however, alarming and remind us all of the importance of keeping our technology protected, as well as the perils of conducting financial transactions with — or on behalf of — individuals unknown to you."

Had the thieves been successful, Stollsteimer said, the district likely would have had to struggle to pay its teachers last year.

The Delaware County District Attorney's Office began its investigation into the missing funds in February 2021, after the receiver's office overseeing Chester Upland's finances contacted law enforcement to report that it had not received millions of dollars in a subsidy payment due from the Pennsylvania Department of Education.

At the same time, the state treasurer's office received an alert that an US$8.5mil (RM38.11mil) payment request from the education department had been flagged as potentially fraudulent.

The state treasury worked quickly to identify and recall the misdirected funds, officials said Friday, recovering US$10.3mil.

But the district is still waiting for just over US$3mil in missing money, said Nafis J. Nichols, who was appointed receiver in August 2021 — several months after the hack occurred. Chester Upland is in talks with its insurance carrier and the state Department of Education for help in recouping the additional funds, he said.

He called the stolen money "very detrimental to the district's finances as we're already a financially distressed district." In order to stay afloat, Nichols said, the district had to make "many, many adjustments" to its budget, while building improvements across the district were largely sidelined.

Attacks involving the use of email to scam school staff have been on the rise over the last six years, according to a report by K12 Security Information Exchange, a national nonprofit that analyses cybersecurity threats to schools.

Following the hack, Nichols said, Chester Upland put in place "a lot of different measures" to ensure more cybersecurity, including two-step email log-in, frequent password change requirements, and IT team training to prevent potential future attacks.

The state, too, strengthened its security, adding a fraud-prevention verification tool as well as a system designed to flag suspicious transactions, officials said. All agencies, boards, or commissions receiving payments from the state treasury will be required to use approved fraud-prevention vendors for their money transfers, officials said.

A spokesperson for the Pennsylvania Department of Education said the hack did not "involve any compromise of PDE systems or data" but declined to comment further.

Though Chester Upland's former financial recovery plan involved blueprints to turn over some or all of its schools to charter management companies, Nichols said that is no longer the case. The receiver's office is in the process of creating a new financial recovery plan, he said, though details are still under wraps.

Pointing to consistent district leadership, and the goal of improving not only the district's financial picture but also its educational rigor, Nichols said, his goal is "to work very aggressively over the next three years to get us to the finish line." – The Philadelphia Inquirer/Tribune News Service

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Comms and Digital Ministry announces RM69 fixed Internet broadband plan with speeds of up to 30Mbps for low income groups
Xiaomi demands payout from supplier after car designs leaked
Sony lifts outlook closer to record level, raises PS5 sales target
ABB won't rush float of $2.9 billion electric vehicle charging business - CEO
Plenty of Americans are drinking bleach, still for sale on Amazon
Tesla can’t duck defect trial over double-fatal 2016 wreck
Electronic Arts cancels secret ‘Apex Legends’ game in development
OpenAI introduces ChatGPT pay subscription for US$20 a month
‘You hurt his soul’: Mother’s 20-minute tirade of abuse at woman asking her son not to use women’s toilet renews bathroom gender debate
Infineon Q1 revenue comes in slightly below expectations

Others Also Read