How Fort Lauderdale Recovered a Phished $1.2M Police HQ Project Payment

Quick action thwarts cyber thieves stealing a payment for the Florida city's contractor

Screenshot, partially cropped, from a Station WTVJ-Fort Lauderdale broadcast last January showing the site of the city's police headquarters.

Jan. 25th was a happy day for the city of Fort Lauderdale, Fla., as Mayor Dean Trentalis and Police Chief William Schultz announced in a press conference the recovery of a $1.162-million electronic payment meant for Moss Construction that had been stolen in September via an email phishing fraud.

The FBI, the U.S. Secret Service and the city's police had all worked on the investigation of the diverted money, which was a payment for work on a $100-million police headquarters—a three-story building.

And unlike another recent construction payment stolen through an email phishing scheme—last year's theft of a $735K payment for a warehouse in Minnesota—this investigation started soon after the funds were diverted.

"The incident," according to a statement from the U.S. Secret Service, occurred on Thursday, Sept. 14, 2023. Six days later the city had announced the theft.

In contrast, the Minnesota phishing theft was not detected for a month, according to court documents in lawsuits and liens generated by that lost payment.

Had more weeks passed, it's possible the money never would have been recovered because the Florida theft—performed by an international criminal ring—was trying to move the funds from the accounts where they had been temporarily parked. All three of the accounts belonged to other victims of the criminal ring who had been lured into opening them as part of email romantic relationship schemes.

According to a chart prepared by city officials, investigators recovered the funds as they were being moved via checks from the first account, to which the contractor's payment was mistakenly sent via a $491,000 personal check and a $550,000 cashier's check.

City officials showed how funds in the three-story police headquarters phishing scam were recovered.
Screenshot: WTVJ-Ft. Lauderdale

"They located them fairly quick, they froze the funds and then were able to retrieve them back" before they were moved into cryptocurrency or into an overseas bank account, Schultz said at a briefing.

The cyber thieves had collected forms needed for and the steps required for Fort Lauderdale to release the progress payments. "They had all that," said Trentalis.

After an employee of the city's Finance Dept. transferred the funds on September 14th, the finance department notified the police department's economic crimes detectives, and they "immediately began attempting to trace the money," the city police said in a statement issued in January.

There have been no arrests or identities discovered of the cyber crooks behind the stolen and recovered payment, according to a police department spokeswoman.

Fort Lauderdale-based Moss Construction said in a statement issued in January that the company's "systems were never compromised, and our information remained safe and secure.

"The facts are clear: bad actors used our good reputation and standard public information found on a basic internet search to try and cause harm,” said the statement.

As phishing thefts of construction payments have become a problem, some contracts now include fraudulent funds transfer clauses. The clauses may include security measures required, notification rules and allocation of responsibility for lost funds. The U.S. Secret Service advises calling a known point of contact by phone rather than changing banking information via emailing, emailing directly to a known email address rather than replying to a thread and reviewing the email domain name.

In general, other security experts advise great caution if an email, no matter how convincing it appears, asks to change the way or the account to which a payment should be sent.

Deputy Editor Richard Korman helps run ENR's business and legal news and investigations, selects ENR's commentary and oversees editorial content on ENR.com. In 2023 the American Society of Business Publication Editors awarded Richard the Stephen Barr Award, the highest honor for a single feature story or investigation, for his story on the aftermath of a terrible auto crash in Kentucky in 2019, and in 2015 the American Business Media awarded him the Timothy White Award for investigations of surety fraud and workplace bullying. A member of Investigative Reporters and Editors, Richard has been a fellow on drone safety with the McGraw Center for Business Journalism at the Craig Newmark Graduate School of Journalism at CUNY. Richard's freelance writing has appeared in the Seattle Times, the New York Times, Business Week and the websites of The Atlantic and Salon.com. He admires construction projects that finish on time and budget, compensate all team members fairly and record zero fatalities or serious injuries.

Post a comment to this article

Coinciding with the release of the new 2024 Top 400 Contractors list, this annual webinar dives into the results of the Top 400 survey. We'll bring together a panel of executives from the largest contracting firms to discuss the industry’s pressing issues, from workforce challenges to data security.