The city of Moline has received a $404,764.59 recovery payment from its cyber liability insurance carrier, Tokio Marine HCC, stemming from a December 2020 phishing fraud incident.

That incident resulted in the city sending two fraudulent wire transfers on Dec. 16 and Dec. 30, 2020 for a total loss of $421,119.86. With the assistance of the FBI and U.S. Secret Service, $6,355.30 was recovered. The recovery payment of $404,764.59 is the remainder, minus the deductible of $10,000.

As a result of the incident, the city reviewed all of its internal control policies with the assistance of its auditors and established several review new protocols.

One such protocol is the IT department sending fake phishing emails monthly to employees. If a phishing email is opened, the employee is immediately provided additional training on recognizing phishing attempts. 

“We continue to be proactive in our efforts to protect the city from cyber fraud, phishing and other scams,” city administrator Bob Vitas said in a Tuesday release. “Protecting taxpayer money is of paramount importance to all who work for the city.”

Due to the scam, wire transfers totaling approximately $420,000 were sent to criminals posing as city vendors in December 2020. The cyber-attack was discovered by city staff in January 2021 when the actual vendor reported it had not received payment. Upon that discovery, both an internal financial and external criminal investigation into the matter were launched.

At the time of the incident, the city said:

  • Moline has insurance in place to cover cyber crime. This limits the exposure to Moline taxpayers to a maximum of $20,000, regardless of whether none, a portion or all of the stolen funds are recovered.
  • As a result of the incident, the city reviewed all of its internal control policies with the assistance of its auditors. This review resulted in the following new protocols:
    • Moline will no longer set up ACH payments for new vendors, only checks will be issued.
    • Existing vendors receiving ACH payments may continue, but NO requests for changes to routing numbers or bank accounts will be made, only cancellation of ACH service will be performed.
    • If an existing vendor requests a change in address via a call or by email, City staff will call the vendor back to verify the request for change, with the contact information we already have on file. No exceptions will be made.