Detectives: County lost $195,000
By WILLIAM SNOWDEN Editor
An administrative report by Wakulla County Sheriff’s detectives, obtained by The Sun, indicates that Wakulla County was defrauded of $195,000 intended to pay the vendor rebuilding the pier at Mashes Sands.
The Sun initially reported on the missing payment back in May. The report relied on several sources close to the matter, none of whom wanted to speak on the record until the criminal investigation is complete. County officials at the time disputed the accuracy of the story, contending the county was not out the money.
The administrative report says “the county still remains at a loss of $195,000” and the vendor, Shoreline Foundations, has not been paid.
The criminal part of the investigation is still ongoing, with at least two suspects under investigation in Texas and the Department of Justice assisting, according to the administrative report, which was closed last week.
In April, the Wakulla Clerk of Courts reported the missing payments to the sheriff’s office and an investigation was opened.
According to the report, the clerk’s Finance Director Steven Baird said the county received an invoice for payment in the amount of $195,241 from Shoreline Foundations – the Pembroke Park-based vendor that was rebuilding the Mashes Sands pier that was damaged by surge from Hurricane Michael. The company requested the first payment be made by check and sent by FedEx to a Truist account. Before sending the check, the county received an email purported to be from Shoreline that requests the payment be sent via Electronic Funds Transfer to the same Truist account. Then came subsequent emails supposedly from Shoreline requesting EFT payment to a Chase Bank account instead, saying the Truist account was being audited and couldn’t accept EFTs.
The EFT payment of $195,000 was sent to Chase Bank on April 1. A second invoice of $311,220 was submitted and the county paid by EFT on April 18.
Shoreline later contacted the county and asked why neither payment had been made.
The county contacted Chase and the bank was able to pull back the $311,000 payment, but too much time had passed and the $195,000 payment was gone.
Detectives traced the wired money to a bank account in Houston, and have identified two people who made ATM withdrawals – two withdrawals of $3,000 at a Chase Bank ATM and eight more withdrawls totaling $8,000 at a Walmart north of Houson. WCSO is working with the Department of Justice and the Harris County Sheriff’s Office and Houston Police to verify the subjects information.
The administrative report also notes that Shoreline President Royo, no first name given, had a filter put on his email account that routed emails from Wakulla to his junk mail – presumably, this is how the thieves bought themselves time to receive the wired money without being detected.
An FDLE agent working with the FBI Cyber Crimes Unit was able to determine that Shoreline’s email fell prey to a phishing scheme using spoof domain names, including kroyo@shoreliinefoundation.com – which had an extra “i” in shoreline.
Thus far, the county has not made another payment to replace the $195,000 to Shoreline, nor has the county filed an insurance claim. The matter may be headed for a lawsuit.
CALL BETWEEN COUNTY OFFICIALS, DETECTIVES
When the original story came out in May, The Sun relied on sources close to the matter who said that, during an online conference call between county officials and detectives, County Administrator David Edwards “insisted there was no need for a criminal investigation and that the matter could be handled internally. According to numerous sources, he was reportedly very strident in his objection.”
Edwards was upset by that reporting and told The Sun after the story came out he was in fact pushing for a criminal investigation by the Broward County Sheriff’s Office, where Shoreline is based, and by FDLE and the FBI. He added that he could produce five county staffers who were on the call to support his claim.
The administrative report indicates that Edwards “attempted to dismiss Detective Sgt. Sauls and Detective Ormerod by stating he wasn’t sure he really even wanted a report to be written. Administrator Edwards told Detective Sgt. Sauls he could leave and that if he decided at a later date that fraud had occured, he would contact” the sheriff’s office.
(Told this was in the report, Edwards said he was referring to the investigation that came to nothing a year earlier about an $18,000 EFT payment by the county for insurance that was lost.)
In the report, Sauls responded that the sheriff’s office would investigate and owed it to taxpayers to determine what had happened to the money.
County Attorney Heather Encinosa then said an investigation should be done as the county may need to make an insurance claim, the report said.
Edwards replied that he didn’t want the county listed as a “victim” in the investigation because it would mean the county was still obligated to pay Shoreline and he did not intend to make more payments. It was suggested the county simply be listed as “complainant.”
The conversation then moved to talking about Shoreline: Baird noted he’d found information that the company had been federally indicted for submitting a false invoice, and expressed suspicion that the company might be “double dipping.”
It was recommended that Baird tell Shoreline about the active criminal investigation and that any payments were on hold pending the investigation. It was also suggested that Shoreline should conduct an audit of their cyber systems.
According to the report, Edwards then “began loudly and forcefully expressing his opinion that it made no sense to tell Shoreline anything, that they were probably involved.” He said the sheriff’s office should call in the FBI and Broward Sheriff’s Office to immediately have Shoreline’s servers seized and the president of the company arrested.
Sauls asked if any of the people on the call had any evidence at all suggesting Shoreline was a possible suspect. “After receiving no response, Detective Sgt. Sauls suggested not making accusations without any actual evidence.”
The meeting ended with Sauls saying it was a sheriff’s office investigation.
SECOND EFT PAYMENT LOST BY COUNTY
The administrative report confirms the Shoreline incident is the second time the county has lost an EFT payment.
Back in May 2021, the county made two payments of $9,200 for employee insurance and realized a problem when the insurance company got in contact to ask why the premiums for the past two months hadn’t been paid.
The county then became aware that a computer had been compromised and emails were hacked.
Cyber experts reviewed the materials and determined the email had been hacked from servers in Africa.
The county filed a claims with its insurance company and recouped the $18,000.
RECOMMENDS COUNTY REVIEW POLICIES
The administrative report notes that, while the phishing email in the Shoreline case was not directed through Wakulla County government, it suggests “there is a direct need to address the current security of Wakulla County’s computer technology.”
The report suggests an independent audit of computer and security protocols, strengthen firewalls and malware intrusion.
Another recommendation is for the county to enact a written policy governing electronic payments. “Establishing a payment policy would decrease the likelihood of funds being paid to an unintended bank account.”
The report recommended the county should notify the payee by telephone call or in writing to verify any changes for the payment process.
“To reiterate, it was concluded by cyber crime experts that Shoreline Foundation was the victim of Business Email Compromise. Wakulla County government was able to retrieve $311,220.75 from Chase Bank. The county still remains at a loss of $195,241.20 from the first payment” made to the bank account in Houston, the report states.