CONWAY, SC (WBTW) – Coastal Carolina University is working with multiple law enforcement authorities to investigate and attempt to retrieve more than $1 million stolen from the university through a phishing scam.
According to a press release from CCU Associate Vice President of University Communications Martha Hunn, the university notified its Department of Public Safety and subsequently the South Carolina Law Enforcement Division (SLED) and federal law enforcement agencies immediately after discovering that scam artists were impersonating vendors who contract with CCU. Based on the investigation, which is ongoing, the fraudsters appear to be highly skilled and organized in the U.S. and other countries abroad.
“We want for the community, other organizations and businesses to be aware this occurred so they can shield themselves against this kind of fraud,” said David A. DeCenzo, president of Coastal Carolina University.
The first incident occurred on Dec. 9, 2016. An individual who claimed to represent a company under contract with the University contacted CCU financial services via email and requested to change the company’s bank account information.
Fraudsters provided what appeared to be official documents that included the company’s logo, tax ID numbers and names of company officials. A university employee checked the information and then fulfilled the request.
The university notified the company that payment of an invoice was being processed on Dec. 13. A theft of approximately $839,000 was discovered on Dec. 20 when the company notified CCU that the funds did not arrive in the company’s bank account.
A second incident was discovered of a similar nature occurring in the same time frame in which $340,000 was stolen. The investigation continues involving multiple law enforcement agencies.
The university immediately contacted its bank to stop payment and start the process of recovering the funds. CCU then launched an investigation through its Department of Public Safety, which enlisted the assistance of SLED and federal authorities. These law enforcement agencies focused on reversing the transfers, which has resulted in the recovery of more than $564,000 thus far, the release states. Efforts to recover funds are ongoing.
“Thanks to quick action and the ‘kill chain’ process initiated by federal authorities, a significant amount of funds are being recovered,” said David Roper, chief of the CCU Department of Public Safety. The “kill chain” is a tool federal authorities use to freeze funds, following assets bank-to-bank. This gives the wire fraud victim an opportunity to involve law enforcement so an investigation can be launched and money can be recovered.
The release goes on to say that CCU brought in external auditors on Dec. 20 to investigate and to review finance control procedures and policies. CCU also made an immediate change in procedures requiring that an additional reviewer examine all requests for modification of bank account information.
CCU officials say the university is reviewing all procedures and making the necessary changes to ensure this type of scam doesn’t happen again. In addition, cybercrime safeguards are being initiated for further protection.
“No state appropriations or tuition funds will be used to cover the net loss to the University,” DeCenzo said. “We understand the enormous responsibility we have to protect the University and its financial integrity. I am committed to working closely with law enforcement agencies as these crimes are investigated to the fullest degree. We will do everything in our power to resolve this very unfortunate circumstance so that CCU can move forward stronger than ever.”