The City of Fresno lost an estimated $400,000 in 2020 after being the victim of a phishing scam, and former Mayor Lee Brand’s administration did not disclose the loss to Fresno City Council and taxpayers , confirmed The Fresno Bee.
Additionally, the current administration of Mayor Jerry Dyer in December 2021 denied a public records request from The Fresno Bee seeking communications from the city regarding the fraud. The city told The Bee that no records had been located. However, The Bee recently obtained emails that existed prior to the request for the recordings.
The wire fraud was disguised as an invoice from a sub-contractor working on the construction of the new Southeast Fresno police station, council member Miguel Arias told The Bee. The invoice had the contractor’s header and only the account numbers were different. A city employee made an electronic money transfer, not knowing the bill was fake, he said.
In an interview on Wednesday, Dyer said two payments were made. Arias said city officials believe the money was sent to an account in Africa.
City officials first reported the incident to the Fresno Police Department. The investigation was later turned over to the FBI after federal investigators received a complaint from another jurisdiction involving the same suspect, Dyer said. The FBI asked city officials to keep the incident secret, so that their investigation would not be compromised, Dyer said.
It appears less than $2,000 was recovered and the rest of the money is likely lost, Arias said.
“I understand that’s the biggest loss for the city, in the event of fraud,” Arias said.
“We want nothing more than to identify who took the money and get it back and hold those people accountable, so they don’t victimize someone else,” Dyer said.
Fresno City Council learned of the incident in 2021 when Dyer’s administration requested additional funds from the general fund to cover the shortfall, Arias said.
In the interview with The Bee, Dyer said he learned of the loss about two months before taking office and put it on the agenda for the board’s closed session for the first meeting of 2021 after taking office.
“I felt the need, as the new mayor, to get off on the right foot and make sure there was some transparency,” Dyer said.
“When he informed us of this, he was taken aback and surprised that the board had not been made aware of such a significant incident,” Arias said of Dyer. “So thank you to the mayor for leaking it to the city when he took office, and shame on the previous administrative staff who hid it from council and the public.”
Common electronic fraud
Online fraud has evolved from the Nigerian prince scam to become more elaborate. In 2020, Vendor Email Compromise (VEC) was predicted to become the #1 type of electronic attack. In a typical vendor email attack, scammers create fake invoices that look exactly like a real provider, but they change the bank account information so that when a payment is issued, the money ends up in the scammer’s account.
“I think it’s important for the public to know that even organizations as large as the city, with its own police department and multiple security measures in place, can fall victim to electronics. It should be important for the public to take as many precautions as possible,” Arias said. “In this case, Fresno is not immune to people trying to defraud the city. These are very complex financial schemes, so it’s unfortunate. Unfortunately, this has happened to us.”
Since becoming police chief, Dyer said he has seen countless instances of online fraud.
“They usually go after older people, maybe less suspicious people,” Dyer said. “But I was unaware of these kinds of things that were happening in the municipal government. Perhaps there have been others over the years that I may not have been aware of. It’s very rare, but I don’t think it will be unique in the future.”
Since the fraud occurred, the city has spent millions updating its IT infrastructure to protect the city’s private data and prevent further scams, Arias said.
Dyer said the city comptroller’s office received additional training and processes were changed to avoid similar situations in the future. For example, many people now check invoices before transferring money, and employees can call suppliers to verify that invoices are real if there is the slightest suspicion that they are not.
The board also asked to be notified if any fraud occurred in the future, Arias said.
“If the City of Fresno, with all the protocols in place and the safeguards, can fall victim to a fraud like this, then the average citizen can fall victim much more easily. And I’ve seen them over the years,” Dyer said. “It’s really important for people to be very careful when they’re on the internet or receiving any type of electronic communication.”
Denied Public Folders
The bee received a tip on the fraud case in 2021.
On December 13, The Bee submitted a public records request to the City of Fresno requesting “any communication between members of the Fresno City Council and Mayor Jerry Dyer’s administration regarding wire fraud during the calendar year 2021″.
The city initially requested an extension to respond to the request for documents. Then, on December 22, the city denied the request for records, stating, “The City of Fresno has reviewed its records and has not located any records responsive to your request.”
However, earlier this week The Bee obtained emails between Arias, former City Manager Thomas Esqueda, City Comptroller Michael Lima and City Attorney Doug Sloan discussing the fraud.
In an email dated Dec. 1 with the subject line “Payment of $500,000,” Arias asked Lima and Sloan, “What’s the status of the payment we made to the prince in Africa…Have we got our money ?”
Esqueda responded the same day, saying an FBI investigation was ongoing and the city had so far recovered approximately $1,600.
The email chain continued on December 29, when Arias asked Esqueda and Lima where the loss would be counted against the budget.
“I can’t say why administrative staff wouldn’t post something that is clearly in the public interest and what I believe is a public document, which is disturbing,” Arias said.
Dyer said the emails were inside information since the city attorney was included. Had the city denied the request citing solicitor-client privilege, it would have confirmed the existence of an FBI investigation, Dyer said.
Fresno Bee editor Joe Kieta called the PRA’s refusal “troubling”.
“When government officials deny the existence of documents that clearly exist, it undermines public trust in the city at large and raises legitimate questions about transparency and the good faith of those charged with handling public money,” Kieta said on Wednesday. “If they kept a loss of nearly half a million dollars a secret for nearly two years, what else didn’t they leak to the public?”
The loss was listed in the city’s full annual financial report for 2020, Dyer said, but it may not have been listed as a felony loss.
Dyer agreed taxpayers should be aware of the loss, but said the key was timing and balance in how it was reported.
“Certainly the public needs to be made aware of these things. It’s always a matter of timing,” he said. “It’s like any type of criminal act that happens. The main objective or priority is the investigation, trying to arrest someone, then informing the public or the media.