By Andrea Stevens
AFRO Staff Writer
astevens@afro.com
Baltimore City has experienced a major fraud attack, totaling the loss of $803,000. A scammer, posing as a legitimate vendor representative, successfully manipulated city employees into allowing payments to be rerouted to fraudulent accounts. Baltimore City Comptroller Bill Henry gives insight on the situation.
โThis wasnโt really a cyberattackโit was an old-fashioned con that used electronic funds transfers as the delivery method. The scammer gained the employeesโ trust over time, convincing them they were someone they werenโt,โ Baltimore City Comptroller Bill Henry told the AFRO.ย
City officials have emphasized the importance of transparency in addressing the fraud scheme, clarifying the actual financial impact of the incident. While initial reports suggested a total loss of $1.5 million, only one fraudulent paymentโtotaling $803,000โwas successfully processed. A second attempt for $721,000 was flagged as suspicious and ultimately blocked.
โThe Inspector General had previously recommended a multi-factor authentication process to prevent this exact issue, but it was never implemented. Now, after this painful lesson, we are making it a priority,โ stated Comptroller Henry.
Years earlier, the office had advised adopting new authentication for vendor banking changes, a safeguard that was overlooked after accounts payable responsibilities shifted to the Comptrollerโs Office. The oversight created a vulnerability that the scammer was able to exploit. Now, officials are working to ensure that past recommendations are fully implemented to prevent similar security lapses in the future.
โGoing forward, weโre implementing a multi-factor authentication process, requiring contact with multiple officials inside any vendor attempting to change banking information,โ said Comptroller Henry.
Baltimore City officials are also emphasizing the need for increased employee training on fraud detection and financial security. Staff members handling vendor transactions will receive enhanced guidance on recognizing social engineering tactics used by scammers, such as impersonation and gradual trust-building. By equipping employees with better awareness and stricter verification procedures, the city aims to minimize vulnerabilities that could be exploited in future schemes.
โThereโs a need to improve communication across agencies. The Inspector General already identified this problem once, and now itโs our responsibility to ensure those recommended safeguards are actually put in place,โ stated Comptroller Henry.
The Comptrollerโs Office is also working closely with federal authorities to recover stolen funds and identify the perpetrator. The investigation remains ongoing, and officials are reviewing internal processes to identify additional weaknesses that could be addressed. The fraud has prompted city leaders to reexamine their vendor payment policies and implement best practices used by other municipalities to enhance financial security.
โWe donโt know if we were the only ones targetedโthis same bad actor could be attempting to scam multiple cities with the same vendor, and unless they go public, we wouldnโt know,โ stated Comptroller Henry.
City leaders acknowledge that while fraud attempts are an ongoing threat, strengthening internal processes and improving communication across agencies will be critical in preventing future breaches. They urge city employees to remain vigilant, follow new verification procedures, and report any suspicious activity to ensure financial security across all city departments.