It took only one email from scammers to get the Rock Island County auditor’s office to wire $97,000 to a fraudulent bank account.
Six weeks later, an additional payment of $18,000 was wired, bilking the county out of $106,103 before the account was frozen with $9,000 still in it.
Emails obtained through a Freedom of Information Act request by the Dispatch/Argus and Quad-City Times show how easy it was for criminals to steal money from the county by simply asking for the funds to be wired.
Someone claiming to be a legitimate contractor with whom the county does business duped the auditor's office into wiring the money to a "new bank account" June 1. The theft of funds by wire fraud was caught by the county's financial institution, which notified officials. The Rock Island County Sheriff's Department began investigating the theft July 28.
On the morning of June 1, someone impersonating the "controller" of a Rock Island contractor on the county's P25 radio project emailed Deputy Auditor Amanda Van Daele. Portions of the emails identifying the legitimate company that was used as bait were redacted.
"Good morning Amanda, hope you are doing well," the email read. "This is to inform you that (redacted) Construction, Inc. have recently made some company financial changes and moved all of its banking to a new bank. Please see attached and kindly update our new ACH information in your system immediately to ensure timely payment of current and future invoices in your possession. Let me know if you need anything else."
The scammers attached an electronic funds transfer form available on the county's website. Also attached was a letter from the vice president of commercial banking at Citizens Bank in Macomb, Ill., verifying the account and routing numbers of the bank account into which the money was to be transferred.
Van Daele replied 14 minutes later.
"Your information has been updated in our system and will be reflected in the June payment," she wrote.
The following day, June 2, the scammers emailed Van Daele again, saying there was an error in the account number and asking her to use the new one being provided. Van Daele replied that the information had been updated.
On June 11, the scammers emailed Van Daele again and asked if there were any invoices "currently being processed or authorized for payment for (redacted) Construction at this time?" Van Daele replied 45 minutes later that $97,042 would be paid June 18.
The scammers replied, "Thank you for the update. Have a great weekend."
On June 14, the scammers contacted Van Daele again, asking for their banking information to be updated a third time and provided a letter from the vice president of commercial banking for Wells Fargo Bank. Van Daele replied, "the information has been updated."
After the payment of $97,042 was sent, the scammers emailed Van Daele July 13, asking if there were any more invoices that would be processed for payment. Van Daele replied that $18,061 would be processed on July 23.
In the scam's fallout, County Board Chairman Richard "Quijas" Brunk sent an email Aug. 13 to Rock Island County Auditor April Palmer and copied County Administrator Jim Snider, State's Attorney Dora Villarreal and Sheriff Gerry Bustos, requesting that Van Daele be placed on administrative leave.
Brunk then sent the series of emails between Van Daele and the scammers to county board members before the Aug. 17 board meeting. Brunk also laid out the timeline of the bank fraud, noting several "red flags" and suggesting Van Daele should have followed up with a phone call.
County board members approved a vote of no confidence in Palmer 22-1, asking for her resignation and the termination of Van Daele. Bob Westpfahl cast the opposing vote. A forensic audit of the auditor's office also was approved.
But Palmer is an elected official and cannot be terminated, and the county board has no authority over Van Daele since she reports to Palmer.
"Things are remaining the same at this time," Palmer said Thursday. "There will be more information to come."
Palmer confirmed that Van Daele was placed on administrative leave "for six business days until I was informed I could bring her back. I was taking direction and doing everything I was asked, and I continue to do so."
Kurt Davis, information systems director for Rock Island County, said the county was the victim of an attempted wire fraud in August 2020, but county offices stopped it. He said the recent wire fraud was not a failure of any cyber protection.
"This was a cybersecurity issue only in the fact this was an email the county received," Davis said. "We have in place spam filtering that provides protection against spam, malicious email and protection against viruses within emails; virus and phishing protection on the workstations; and protection against ransomware."
Palmer sent Davis an email Aug. 19 seeking to understand the situation.
"I was led to believe email scams are a part of cyber security," Palmer wrote. "So you are confirming that nothing would have flagged 'the email as spam or a security risk.' If you would not have caught it as trained (information technology) personnel, then how could I or my staff be responsible for not catching it? Your staff member did not catch it either before changing the vendor in (the database)."
John Johnson, president of the Docent Institute, a nonprofit that offers education on cyber security and other technology, said employers needed to educate their employees on best practices.
"When anything comes of high value and it doesn't feel right, you need to call that office and ask to speak to that person," Johnson said. "People will email and call and pretend to be someone else. I think the awareness of what a phishing email looks like and validation what their email looks like is necessary.
"Just pick up the phone and give them a call," he said. "When the risk is higher and there is a high financial cost, you need to verify it."