Eagle Mountain City discovered it was the victim of an “organized cybercrime” scheme resulting in the loss of $1.13 million, according to a Monday news release.
Through the use of an email impersonation scheme, the thieves portrayed themselves as a vendor that is working with the city on a major infrastructure project, officials said, and received the money through an “automated clearing house” transfer, a type of electronic payment.
Tyler Maffitt, a spokesperson for the city, said that the impersonated vendor was WW Clyde, a construction company working on widening Eagle Mountain Boulevard, the arterial road in the city.
Maffitt said that the thieves inserted themselves into an email thread between the city and WW Clyde, and then, using an email handle similar to the construction company’s, posed as a representative of WW Clyde and persuaded city staff to send funds to them instead of the actual vendor.
“This was a criminal act,” Maffitt said Monday.
Within “minutes” of learning of the theft, Eagle Mountain City alerted the FBI, the Utah County Sheriff’s Office and the vendor, the release stated. As of Monday afternoon, law enforcement had not caught the thieves, Maffitt said.
Since the theft was discovered, Eagle Mountain City has “strengthened its financial policies” regarding such payments “to implement an added layer of accountability for city staff when completing financial transactions,” the release states.
The city is insured against such crimes and is working with the insurance company to receive reimbursement for the stolen money.
City officials stated that no resident, client or vendor was compromised by the theft, and that no city or vendor employees are suspected of wrongdoing at this time.
Correction • Sept. 14, 10:45 a.m.: The story has been updated to correct a description of Automated Clearing House transfers.