The state auditor and Ohio Department of Education are warning school districts statewide that an email-based payroll fraud scam continues to spread.
Weeks after Dayton Public Schools was scammed out of a paycheck for Superintendent Elizabeth Lolli, the Ohio Department of Education sent a message to schools this week via its Ed-Connection service, saying “several” school districts have been victims.
“Each of the instances reported to the Auditor of State’s Office involves a cyber-criminal impersonating the superintendent or a principal of a school district,” the ODE message said. “In each case, an email was sent to a payroll department employee asking that a change be made to the bank account linked to the superintendent’s or principal’s direct deposit.”
In Dayton’s case, Lolli said a phishing email apparently fooled a school payroll employee into changing her direct deposit bank account information. Lolli’s $5,159 check was sent to the scammer’s account, tied to a bank in Salt Lake City, and was withdrawn before the school district could reverse the charge.
Last month, Ryan Pendleton, a board member for the Ohio Association of School Business Officials, said several schools in northeast Ohio had received similar phishing emails.
Theft operations like this are not new. In 2017, scammers stole paychecks totaling $56,000 from 27 employees of Atlanta Public Schools. Last year, scammers stole the W-2 information of every employee in the Scottsboro, Ala., schools by posing as the superintendent in an email to the payroll department.
The FBI has issued warnings about these scams in both 2017 and 2018, with last year’s alert saying the education, healthcare and airline industries were being hit hard. They are sometimes referred to as CEO fraud, as the scammer poses as an executive who has the authority to request information.
The Auditor of State’s Office is encouraging school districts to evaluate their procedures for changing employees’ bank information, and to take personal steps beyond just email to verify whether such a change request is genuine.
Lolli said scammers tried the same phishing attack on her husband, Gene Lolli, superintendent of Fairborn schools, but a payroll employee there asked him about it in person, preventing the scam from succeeding.
“First and foremost, report all scams to the local police department and the FBI,” the auditor’s office said in a statement. “If a district or school loses cash or assets because of such a scam, officials also should contact Ohio’s Fraud Hotline at (866) FRAUD-OH.”