Phishing scam hit St. Landry Parish Government

St. Landry Parish Government fell victim to an e-mail phishing scam in May that resulted in an authorized transfer of $43,280, according to an audit.
The parish recovered all of the money, according to Bill Fontenot, parish president.
The audit by Darnall, Sikes, Gardes & Frederick was reported at the July 20 St. Landry Parish Council meeting.
Steve Moosa, CPA, said in a telephone interview that someone hacked into Parish President Bill Fontenot’s email account and then emailed the finance director to send money to a bank.
The phishing scam was discovered when Fontenot was contacted by the finance director, Novella Moore, about the payment,Fontenot said.
The scam was initiated late Friday and Moore contacted him Monday morning about the transfer, he said.
At that point the scam was discovered, the bank and police were contacted, Fontenot said.
Within a couple of hours the FBI had taken over the investigation, he said.
A government in Arkansas was also under attack at the the same time, Fontenot said. Fortunately for the Arkansas officials the finance person and the supervisor were talking in the same room when the e-mail requesting a transfer was made, he said.
The Arkansas officials called the bank, which was the same used in the St. Landry Parish scam and both transactions were frozen.
The full amount was recovered within six weeks of the scam, he said.
“We learned a lesson that no matter how secure we think we are, we are really not,” Fontenot said.
At the time of the audit about $29,000 of the initial amount transferred was frozen at the bank, the audit stated.
The phishing occurred in May, but Moosa said the Legislative Auditor advised him to put the incident in the 2015 audit.
The audit recommended that parish government disbursements be made from an original invoice and with proper review and approval.
“Disbursement of funds occurred without the tangible support of an approved and authorized invoice,” the audit stated.
“Management should avoid releasing funds for payment on any item or service that has not been properly supported by a reviewed and approved invoice,” the audit stated.
Fontenot said the scam continues to be investigated.
The Federal Trade Commission advises, “Don’t reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.”