Cyber Incident Victim: Shiawassee County
Date:
May 2018
Location:
United States of America
Summary
A phishing scam deceived a Shiawassee County financial administrator into mistakenly wiring $50,000 to an overseas bank account. The employee, believing she was responding to a legitimate request from the county board chairman to pay a bill, authorized the fraudulent transfer, leading to the financial administrator's subsequent resignation following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2018, Shiawassee County, Michigan, experienced a financial loss resulting from a phishing attack. County Financial Administrator Patricia Fitnich received a fraudulent communication appearing to originate from Shiawassee County Board of Commissioners Chairman Jeff Bartz. The message instructed Fitnich to process a payment, which she authorized via wire transfer on Tuesday of that week. This transaction routed $50,000 of county funds to an overseas bank account controlled by scammers. County Coordinator Michael Herendeen confirmed the incident occurred when Fitnich misinterpreted the phishing attempt as a legitimate request from Chairman Bartz. The fraudulent transfer was executed through standard financial channels without additional security verification. Fitnich had served as financial administrator for approximately two years prior to the incident. No technical details regarding the phishing vector (email, phone call, etc.) were disclosed in available reports. The transaction represented a direct financial loss with no indication of secondary compromises to county systems or data repositories.
The $50,000 wire transfer constituted the primary immediate impact of the security breach. Within days of the incident, Patricia Fitnich resigned from her position as county financial administrator, marking a significant organizational consequence. County officials publicly acknowledged the fraudulent transfer but did not disclose whether recovery efforts were initiated to retrieve the funds. No law enforcement investigations or legal actions were referenced in available documentation. The incident exposed vulnerabilities in the county's financial authorization protocols, particularly regarding wire transfer verification procedures. Chairman Jeff Bartz's apparent impersonation suggested attackers possessed specific knowledge of county leadership structures. No subsequent security improvements or policy changes were documented in the immediate aftermath. The resignation created an unexpected vacancy in a key financial oversight position during ongoing county operations. Financial losses remained confined to the single fraudulent transaction amount without evidence of additional compromised accounts or follow-up attacks.