Phishing scheme led to $2.2 million taken from Grand Forks Public Schools

Nov. 19—GRAND FORKS — The business manager of Grand Forks Public Schools said Monday the $2.2 million swindled from the district earlier this year was taken in a phishing scheme.

Speaking on KNOX's Critical Thought with Noah Chelliah, Business Manager Brandon Baumbach described the multimillion-dollar fraud as the result of a phishing or social engineering scam.

In a phishing attack, attackers deceive employees into revealing sensitive information or installing ransomware or malware.

"Basically what it is is somebody from outside an organization contacts people inside an organization to get them to do something, usually to wire money or to get somebody to give them information," said Julie Platt, a Los Angeles-based certified fraud examiner.

Phishing was by far the most common type of cybercrime last year with 298,878 complaints, according to the FBI's Internet Crime Report, though the number of cases has fallen in the past two years.

Grand Forks Public Schools and the Grand Forks Police Department have provided few details on the crime or the ongoing investigation. The Secret Service is assisting with the investigation.

Grand Forks Police Lt. Andrew Stein shared last week that police hope to recover half of the $2.2 million taken on Sept. 13 via wire fraud.

GFPS Superintendent Terry Brenner said on Critical Thought that the district's IT director had told Brenner the scam was the "most sophisticated cybercrime he's ever experienced."

"It wasn't an email saying 'we're holding your parents in a foreign country,' " Brenner said.

Platt said the amount of stolen money suggests the thieves had "inside information" about the district that they levied to make the social engineering scheme more persuasive.

"When you're phishing, you don't know who the people are or what the people do," Platt said. "With that much money, whoever contacted the person who released the $2 million had some info, had enough info to know the district owed some money."

Still, Platt questioned the lack of controls that allowed for the money to be taken.

Baumbach pointed out on the air that the district was required by law to share much of its business records with the public. He declined to tell the Herald how this related to the district wire fraud, saying he was commenting on a hypothetical offered by Chelliah.

Neither district officials nor law enforcement have disclosed whether the $2 million was taken in a single transfer or in multiple payments, but the police report filed by district officials list a single date for the crime, as opposed to a range of dates.

In the four days leading up to the Sept. 13 fraud event, the district's business office made more than a thousand payments, according to records obtained via open records request. Most of these transactions were payroll for the district's approximately 1,600 employees.

Two of the largest transactions were a pair of payments to contractor Construction Engineers Inc., in the amount of $621,864.66 and $2,302,741.

Baumbach said he was unable to immediately recall the specifics of those payments but said they would have been for one of several construction projects the contractor is working on, like the new Valley Middle School and the Central Kitchen.

"They would normally bill on the same timeframe each month," he said. "And when we receive those in the same time frame, we would process them for payment at a similar time."