Island officials might end up in a lawsuit with a truck-selling company asserting the city's transit department was deceived into transferring almost $700,000 for two trucks to a Kentucky bank account with no links to the legitimate vendor.
City officials on April 7 entered into an agreement with Longhorn International Trucks to purchase three 2023 model trash trucks for about $1 million, according to attorneys for Longhorn.
But an apparent phishing email told Galveston staff to send the money to the wrong account.
“Since it appears that the Kyrish Truck Centers Fleet Sales representative’s email system was compromised, this incident could involve litigation, so we are not at liberty to discuss the matter,” city spokeswoman Barbara Sanderson wrote.
The city council will view the claim at its meeting Thursday night.
Galveston’s fleet and mass transit division wrote a check for the first truck, which it received, according to a letter from Longhorn’s attorneys. Longhorn then sent the other two trucks, but the city hasn’t paid for them, according to a letter from the company to Galveston staff. The vehicles cost about $347,000 each.
Longhorn learned the city wired the remaining funds, about $695,000, to the wrong bank account, and the city has taken the position that it does not owe Longhorn the money, according to the letter.
“Without calling to confirm wiring instructions with Longhorn, the city wired $695,418 to an out-of-state bank,” according to the letter.
“There are constant warnings about wiring money without verbally confirming wiring instructions. Further, several red flags should have gone up for the city because BuyBoard participants must be in the state of Texas, and it would not be likely that a Texas company would do its banking in Kentucky.”
An email purportedly from Longhorn staff to Galveston’s fleet and transit department asked whether the city could wire the final two payments, instead of sending checks, according to the letter.
The email, which Longhorn said wasn’t sent by its staff, claimed the company was updating its billing system, which could alter the timeline of deposits, according to the letter.
Galveston staff members agreed to delay the payment and issue a wire transfer for about $695,000. But when Longhorn didn’t receive its payment, and it verified where Galveston sent the money, it learned the money went to another account entirely, according to the letter.
“While Longhorn regrets that the city emailed funds to an out-of-state bank without confirming wiring instructions via telephone, Longhorn cannot be the insurer of the city’s mistake,” according to the letter.
(8) comments
"The insurer's mistake". Uh dude, it was your email that was hacked. You're 1/2 at fault at best.
"The city's mistake" even. Mistakes happen. :P
Sounds familiar. In 2018, Galveston County wired $525,000.00 to scammers.
https://www.galvnews.com/news/delay-tactics-forged-signatures-aided-county-scammers/article_4e9b7e13-5851-56d2-81cd-129b1f6b9fd3.html
Hopefully the City will recover the stolen funds and hold those responsible accountable.
Sounds like it's past time for city employees to refresh their Cyber Security training. Most corporations require this every year. I wonder if the city does? Or Kyrish? Or if the city requires this training for their suppliers?
Also, it would be suspiciously odd if Galveston was the only victim of this scam.
Does Galveston have a double approval process for payments in place? Having two different employees (or one employee, one manager) check every bank transfer is a good way to reduce the possibility of fraud. The last step in payment could be all payments have to go thru one city employee. Things need to change, because what they are doing is not working.
Being fooled one time should lead to a hardened money payment program. The question now should be, how's Galveston going to prevent a third time? One way is below, unless Galveston has a program like this in place.
Is the city using something like Trustpair that's made for a city? It's a leading vendor fraud prevention platform for large companies. Fraud protection software like Trustpair helps you set up automatic security processes across your payment chain to really reduce (or even eradicate) the risk of fraud.
How common is this type of fraud?
Fifty-six percent of U.S. companies were targets of B2B payment fraud last year. (B2B payments are payments made by one business to another.) As adoption of ACH, instant payments and other critical digital payment methods accelerates, companies’ exposure to fraud events significantly increases alongside. The cost of these events can reach a staggering $20B annually.
And the beat goes on!! Waste, fraud, abuse & inefficiency - we have been pointing to it for 3 years now.
Where is the City Auditor in all this? It is pretty common to confirm payment instructions, especially when they are changed by something that is prone to hacking/spoofing like an email. Have we not learned from the occurrence at Galveston County & the occurrence in Dickinson on the paving/road repair contract? It just keeps getting better!! Why are we not looking at our systems with a critical eye? IS IT TIME FOR A CHANGE YET?
This is the second time that city officials have been defrauded in this manner. I think it’s past time to start looking into our city officials. This is highly suspicious!
Has anyone investigated what ties Longhorn International may have to the Chinese?
