Date: 2021-07-15

CORUNNA — The misdirection of nearly $45,000 from Valley Area Agency on Aging to a fraudulent account that was represented as the Shiawassee Council on Aging bank account was the result of an email monitoring scam, VAAA President/CEO Yaushica Aubert told county officials Wednesday.
The VAAA sent $44,813.33 into the scammer’s account in May after SCOA Executive Director Cynthia Mayhew’s email was compromised. Hackers made an account change request “in the midst of legitimate email exchanges” between VAAA and SCOA, Aubert said.
VAAA received $5,000 from its wire transfer insurance, as well as a $5,000 community grant from Huntington Bank — all of which it will send to SCOA. The VAAA will also pay the remaining balance to SCOA — more than $34,000 — from its unrestricted fund reserves.
SCOA’s cyber-insurance company has said it would not cover the loss because the funds were sent by VAAA, according to Mayhew. The incident did not affect county millage funds, she said in a July 9 letter to the county.
A SCOA investigation on the matter remains ongoing.
“It’s important for us to make sure that the aides that provide the services to the seniors get reimbursed,” Aubert said. “This was an unfortunate, unfortunate, unfortunate thing that happened, but we really want to get back to the business of providing services to seniors.
“We’ve been doing business with SCOA for well over 20 years,” she added. “I’m confident that once (SCOA) produces a cyber plan, this will not happen again.”
SCOA receives state funding through the VAAA. VAAA receives state funding from the Michigan Aging and Adult Services Agency.
According to Mayhew, her email was breached May 11, but the breach was not detected until June 1. Mayhew said the VAAA funds were misdirected into a newly created account on May 28.
Upon returning from the Memorial Day weekend vacation, Mayhew discovered on June 1 that the VAAA funds had not been deposited into a SCOA bank account.
Following the discovery, Mayhew contacted SCOA’s information technology (IT) provider, ATS, which changed passwords on computers, disabled administrative access, and inspected computers to determine whether they were infected with malware or viruses, before contacting Owosso police and informing the SCOA board on June 16.
SCOA is currently cooperating with Owosso police on the fraud investigation.
Aubert shed light on the email scam during Wednesday’s Shiawassee County Board Committee of the Whole meeting, citing information from VAAA’s now completed investigation with Flint police.
“There’s legitimate emails going back and forth between SCOA and (VAAA), and then (hackers) literally inserted an email in there asking, ‘Oh by the way, we need to update our account information,’” Aubert explained.
The account change was signed off on by VAAA’s accountant and chief financial officer before funds were transferred. VAAA did not call SCOA to confirm the account change, relying only on the emails from Mayhew’s compromised account.
“It seems like somebody would have made a call,” Board Chairman Jeremy Root, R-District 5, said. “But we’re so fast. Everybody wants everything now and they want it so fast that we forget to do those little things.”
“If the email would have came out of blue, then I would say, yes, they would have called (Mayhew),” Aubert responded, noting that of the 15 emails sent between SCOA and VAAA, only three were from the hacker.
VAAA will require entities requesting an account change to make face-to-face contact with the agency in the future, either in-person at its office or virtually via video conference, Aubert said.
During Tuesday’s committee meetings, Root suggested the county withhold its monthly check to SCOA — roughly $25,000 — until appropriate cyber security measures are enacted. No formal action was taken by the board.
County coordinator Brian Boggs Wednesday offered a number of recommendations regarding SCOA’s financial security moving forward, among them requiring two-signature verification on all financial documentation. Currently only one SCOA signature is required on financial documents.
Boggs indicated the county’s contractual agreement with SCOA expired in 2019. A new agreement specifying all of the terms needs to be in place, he said.
Boggs additionally took issue with how the fraud incident was relayed to commissioners.
Commissioner Marlene Webster, R-District 1, said Mayhew sent an email to the treasurer’s office and accounts payable clerk two days after she discovered the misdirected payment.
“Sending it to the accounts payable clerk is not an acceptable way to communicate about a fraud issue,” Boggs said, indicating he’s discussed the matter with the accounts payable clerk to avoid delays in the future.
Commissioner Gary Holzhausen, R-District 3, who serves on the SCOA board, reiterated he informed commissioners of the misdirected funds June 17 during a full board meeting, though the topic drew little discussion.
The SCOA board held an emergency meeting with Aubert Wednesday, developing a plan on how a similar situation could be avoided in the future, Webster explained.
“Everybody’s working really hard to make sure this doesn’t happen again,” Webster said.
Mayhew, who attended Wednesday’s meeting, took no issue with Boggs’ recommendations. She did question, though, whether or not SCOA’s funds would be held.
No formal action was taken by the board Wednesday, though discussions could resume at 5 p.m. tonight during the full board meeting.
“I’m willing to work with you guys,” Mayhew said. “I have to make sure that our senior services are not in jeopardy.”
A cyber security firm will be hired by SCOA to manage and analyze systems, staff will receive additional training, and additional anti-virus software will be installed, according to Mayhew, who offered few details Wednesday, citing the ongoing investigation.
“I’m really hoping that it really comes to light for everybody to have an answer,” she said. “Believe me, this wasn’t taken lightly.”