Jan. 25th was a happy day for the city of Fort Lauderdale, Fla., as Mayor Dean Trentalis and Police Chief William Schultz announced in a press conference the recovery of a $1.162-million electronic payment meant for Moss Construction that had been stolen in September via an email phishing fraud.

The FBI, the U.S. Secret Service and the city's police had all worked on the investigation of the diverted money, which was a payment for work on a $100-million police headquarters—a three-story building. 

And unlike another recent construction payment stolen through an email phishing scheme—last year's theft of a $735K payment for a warehouse in Minnesota—this investigation started soon after the funds were diverted.

"The incident," according to a statement from the U.S. Secret Service, occurred on Thursday, Sept. 14, 2023. Six days later the city had announced the theft.

In contrast, the Minnesota phishing theft was not detected for a month, according to court documents in lawsuits and liens generated by that lost payment.

Had more weeks passed, it's possible the money never would have been recovered, because the international criminal ring behind the Florida theft was trying to move the funds from the accounts where they had been temporarily parked. All three of the accounts belonged to other victims of the criminal ring who had been lured into opening them as part of email romantic relationship schemes.

According to a chart prepared by city officials, investigators recovered the funds as they were being moved from the first account, to which the contractor's payment was mistakenly sent, via a $491,000 personal check and a $550,000 cashier's check.

[Chart] City officials showed how funds in the three-story police headquarters phishing scam were recovered.
Screenshot: WTVJ-Ft. Lauderdale

"They located them fairly quick, they froze the funds and then were able to retrieve them back" before they were moved into cryptocurrency or into an overseas bank account, Schultz said at a briefing.

The cyber thieves had collected the forms needed and the steps required for Fort Lauderdale to release the progress payments. "They had all that," said Trentalis.

After an employee of the city's Finance Dept. transferred the funds on September 14th, the finance department notified the police department's economic crimes detectives, and they "immediately began attempting to trace the money," the city police said in a statement issued in January.

No arrests have been made, and the identities of the cyber crooks behind the stolen and recovered payment have not been discovered, according to a police department spokeswoman.

Fort Lauderdale-based Moss Construction said in a statement issued in January that the company's "systems were never compromised, and our information remained safe and secure. 

"The facts are clear: bad actors used our good reputation and standard public information found on a basic internet search to try and cause harm," said the statement.

As phishing thefts of construction payments have become a problem, some contracts now include fraudulent funds transfer clauses. The clauses may include required security measures, notification rules and allocation of responsibility for lost funds. The U.S. Secret Service advises calling a known point of contact by phone rather than changing banking information via email, sending email directly to a known email address rather than replying to a thread, and reviewing the email domain name.

In general, other security experts advise great caution if an email, no matter how convincing it appears, asks to change the way or the account to which a payment should be sent.