The Washington PostDemocracy Dies in Darkness

D.C. wired nearly $700,000 to scammers posing as city vendor, officials say

The office of D.C. Chief Financial Officer Jeffrey S. DeWitt is in the Wilson Building.
The office of D.C. Chief Financial Officer Jeffrey S. DeWitt is in the Wilson Building. (Susan Walsh/Associated Press)

The Treasury Department is investigating the theft of nearly $700,000 from the D.C. government in July by scammers who successfully impersonated a city vendor and had the money wired to their bank account, city officials said.

The fraud, disclosed by D.C. officials in response to questions from The Washington Post, has led to beefed-up security protocols in the office of D.C. Chief Financial Officer Jeffrey S. DeWitt. David Umansky, a spokesman for the chief financial officer, said that the Treasury investigation is ongoing and that none of the city’s money has been recovered.

Treasury officials, who are involved in the case because bank fraud is a federal offense, did not respond to a request for comment.

The investigation comes at a time of heightened awareness over cybercrime in the sphere of politics and government. Last week, the Justice Department charged a Russian woman who prosecutors say was conspiring to interfere in the 2018 U.S. election, and fears persist of the vulnerability of state voting systems to hacking by a hostile foreign government.

A look at election interference in the 2018 U.S. midterm elections

In late July, the D.C. government network was targeted by multiple and possibly coordinated email phishing attacks, according to the city’s chief technology officer. Those attacks were not successful but were reported to federal authorities, city officials said.

That spate of attacks was not related to the fraud involving vendor impersonation, said Mike Rupert, a spokesman for the chief technology officer.

Umansky said no D.C. government systems were compromised during the theft, which resulted from the District not detecting a fraudulent email address that a hacker created after gaining information from the systems of a vendor.

Using the email, the hacker asked that the city begin processing vendor payments through electronic transfer rather than checks. The city then paid several outstanding invoices to the new account the hacker had specified.

A letter obtained by The Post indicates that the vendor was Winmar Construction and that the payments were related to a design-build contract for a permanent supportive housing facility for the homeless.

Justice Department charges Russian woman with election interference

Winmar Vice President Kelly Markland wrote the Aug. 1 letter, informing the chief financial officer’s accounts payable supervisor of the problem. Markland said the email address of the company’s controller was “fraudulently mimicked” by “an unknown ‘hacker.’ ”

Umansky confirmed the letter’s authenticity.

The hacker created a bogus email address by altering a single letter in the firm’s domain name, Markland said, and then used the address to communicate with the D.C. Department of General Services. Three payments that totaled $690,912.75 were wired to a Bank of America account in New York, the letter states.

Markland said the company had “taken additional steps via our IT department to track the offending party and have reported this incident to the FBI.”

Winmar executives did not respond to requests for comment.

Umansky said the city’s processes for dealing with vendor payments had “been modified to require additional confirmation before changing bank information.” He said no similar incidents have been discovered.