Minneapolis Public Schools was nearly conned out of $500K

Loading Video…

This browser does not support the Video element.

Minneapolis Public Schools was nearly conned out of $500K

At the height of the pandemic, one of Minnesota’s largest school districts fell victim to cyber fraud and nearly lost half a million dollars in the process. The previously unreported crime targeted Minneapolis Public Schools in April 2020, when schools and administration offices were vacant due to COVID-19. 

At the height of the pandemic, one of Minnesota’s largest school districts fell victim to cyber fraud and nearly lost half a million dollars in the process.

The previously unreported crime targeted Minneapolis Public Schools in April 2020, when schools and administration offices were vacant due to COVID-19.  

The FOX 9 Investigators obtained internal financial records, which reveal a fraudulent payment of $503,488 which was supposed to go to Stahl Construction Company. 

Stahl Construction is an independent contractor that has done previous construction work for MPS. While the relationship with the contractor is legitimate, the April payment was made to a fraudulent bank account located almost a thousand miles away in upstate New York. 

According to police records, the fraud suspect sent an email to the MPS finance department requesting to change bank account information on file for the legitimate contractor. The email originated from a fake address while pretending to be the legitimate contractor. 

"In social engineering, the human element is considered the weakest factor," said cybersecurity expert Sal Sparace of Red Team Security. He describes social engineering as essentially hacking people’s behavior either through email, voice or in-person physically.

In the MPS case, a search warrant executed on the fraudulent bank account revealed the only money ever in the account was the wire transfer tricked out of Minneapolis Public Schools. 

"Something like that very well could have been targeted," said Sparace. 

One MPS finance worker blamed pandemic work conditions as one possible factor, telling investigators she believed school officials did not initially catch the error "due to everyone working from home and employees and departments not contacting each other for verification." 

However, officials with the real Stahl Construction flagged that they had not received the payment due. The bank was able to reverse the wire transfer but only because it was caught within five days – a technicality that saved MPS hundreds of thousands of dollars. 

"In this particular case, I think they’re pretty lucky," said Sparace. 

Cyber crimes in Minnesota

Across the state, cybercrimes are costing Minnesotans tens of millions of dollars.

According to the FBI’s 2021 Internet Crimes Report, more than 5,800 people in Minnesota fell victim to an internet crime, with victims losing an estimated $83 million. 

Accountability doubtful

As for the MPS wire fraud case, justice appears doubtful. 

After a preliminary investigation, law enforcement authorities in Minneapolis informed the school district to file a report with New York State Police. 

However, when the FOX 9 Investigators filed a public records request with New York State Police, they "did not find any records."

Minneapolis Public Schools declined an on-camera interview but issued a brief statement, which said in part: "We followed our protocols, and the money involved was safely returned to the district. After the situation was resolved, MPS put additional protocols in place to ensure this does not happen again."

However, cybersecurity expert Sparace said that staying ahead of con artists can be difficult, especially considering ever-evolving tactics and technologies. 

"Every time we make improvements on training or how companies will, you know, address certain, security concerns, the malicious actors are getting even more creative and they're evolving as well," said Sparace.

Social engineering tips

With many people still working from home in some capacity – how can you protect yourself? Cybersecurity expert Sal Sparace said it boils down to questioning every email you get – the source, the content and the reason behind it. 

Loading Video…

This browser does not support the Video element.

Expert tips to avoid social engineering scams

Sal Sparace of Red Team Security shares tips to avoid social engineering scams. He says, "In social engineering, the human element is considered the weakest factor." He describes social engineering as essentially hacking people’s behavior either through email, voice or in-person physically.