Big Walnut Local Schools officials say the district has “recovered” $38,520 stolen in a cyber-attack that was revealed at a press conference held by State Auditor Dave Yost on Thursday.
Terri E. Eyerman Day, treasurer for Big Walnut Local Schools, said the district has “recovered” the $38,520 lost in an email fraud. “The majority of the money was recovered through the bank and other sources,” Eyerman Day said.
The district was one of several local governments hit by cyber-attacks that were discussed by Yost Thursday at the Statehouse in Columbus.
“The Big Walnut Local District recently became the victim of a ‘spear-fishing’ fraud incident,” the district stated in a prepared statement. “This is a sophisticated method that utilizes fraudulent email to target individuals. Because the incident is still under investigation, we have been unable to discuss specific details. … There have been no data breaches to our system.”
Recently an employee in the Big Walnut School District treasurer’s office transferred $38,520 on a request she thought came from her boss, according to Yost.
The email she received was a realistic counterfeit of the district’s email, Yost said. The employee took steps to verify the email before transferring the money asking that a vendor be promptly paid.
The email had all of the markings of a district email, including the appropriate email address and letterhead. The employee and an individual who appeared to be her boss exchanged several emails to answer questions before the transfer of $38,520 was made.
Big Walnut has taken the advice of the State Auditor’s Office regarding precautions since the incident.
According to Eyerman Day, the district continually updates anti-virus software and runs back-ups daily. “We make sure we have all areas protected,” she said.
Yost also suggested creating a password that can be worked it into an email as a secondary precaution. If the word is not in the email, the person receiving it will know the email is a forgery.
“Develop a code word that can be embedded in the email and change it with regularity,” he said.
Eyerman Day said Big Walnut now uses a code word in their email and change it often.
Yost called the press conference because several local governments in Ohio have fallen prey to cybercrimes, costing thousands of taxpayers’ dollars, he said.
Cyber-attacks have occurred in Delaware, Madison, Morrow, Clinton and Warren counties, Yost said.
“We’re seeing a disturbing increase in cybercrime,” he said.
“A lot of these governments are very small,” Yost said. “They should be making sure their anti-virus is up to date. Do nightly backup of data.”
According to Yost, the only reason authorities know about the attacks is that some have asked the auditor’s office for help. By law, nobody is required to report these types of crime, he said.
However, Yost said he was not aware of the recent $134,000 forged check in Delaware County’s Liberty Township, which township officials believe may have been done online.
Liberty Township’s Fiscal Officer Nancy Denutte in May found the counterfeit check made out to a used car dealership in Sidcup, England, while reconciling the township’s bank statement.
Liberty Township’s lost funds have also been restored.
Big Walnut and Liberty Township’s accounts are with the Delaware County Bank. The bank has declined to comment on the Liberty Township case.
D. Anthony Botkin may be reached at 740-413-0902 or on Twitter @dabotkin.