Nassau County’s comptroller came under attack Wednesday for a scam in which the county temporarily lost $710,000, though his office has imposed strict controls on an emerging problem that affects governments nationwide, the comptroller said.
Comptroller Jack Schnirman told county legislators at a hearing that the Oct. 25 “phishing” scam was typical of what governments, schools and businesses are confronting in the cyber age.
“We have improved our controls from Day One in office," he said. “We are continually improving them and yet we all must remember to be vigilant because we are always vulnerable, just as municipalities are around the country.”
But Legis. Howard Kopel, head of the Legislature’s finance committee, accused the comptroller’s office of mishandling the cyber ripoff.
“The controls are clearly inadequate,“ Kopel said.
“This was a matter of luck” that the county retrieved the money, he said. "The bank caught this. They didn’t catch it. We had an incompetent crook. And that’s the reason the money got returned to the county.”
Nassau County police announced earlier this month that the county was targeted by a fake company pretending to be an existing county vendor that said it was due payment to a new account.
The scammers filled out all the necessary paperwork designed to prevent theft and offered a fraudulent check as evidence of the new account, police said.
The money was directed to an elderly woman’s account in Seattle and then redirected to several different accounts, which were identified and frozen by investigators to seize the funds.
No arrests have been made in the case.
The phishing scheme targeted as many entities as possible around the country hoping for someone to fall prey to the plot, police said.
Other cyberattacks on Long Island have targeted school districts in Lynbrook, Mineola and Rockville Centre. Rockville Centre school officials paid nearly $100,000 after their server was hacked and locked behind a ransomware virus.
Meanwhile, Suffolk County Executive Steve Bellone on Wednesday said the county was taking steps to prevent an attack.
The results of Suffolk’s first cybersecurity risk assessment included a recommendation for cybersecurity awareness training for all county employees, he said.
It also called for the expansion of Suffolk’s cybersecurity working group to include representatives from the Nassau comptroller’s office to enhance intelligence sharing.
Earlier this month, the Suffolk County Department of Health Services foiled a cyberattack attempt to reroute an employee’s paycheck via direct deposit to a bank account controlled by the scammers, officials said.
Schnirman also said Nassau experienced another cyberattack in December on a much smaller scale, but it was quickly resolved.