The City of Baltimore made more than $1.5 million in fraudulent payments to a scammer who successfully spoofed a vendor and tricked city employees into changing the contractor’s bank account information, the city’s inspector general said.
In a post mortem of the incident, Baltimore Inspector General Isabel Mercedes Cumming said the city’s accounts payable department had failed to implement corrective measures after previous incidents of fraud and did not have proper protections in place to verify supplier details.
In December 2024, the fraudster submitted a supplier contact form using the name of a legitimate company employee to gain access to the vendor’s Workday account. The person the fraudster was impersonating did not have access to the company’s financials, and the email they provided was not a company-issued address. Nevertheless, an employee within accounts payable did not contact the vendor to confirm the person’s identity…