
Cyber Incident Victim: East Baton Rouge Parish School System

Date: May 2016

Location: United States of America

Summary

The East Baton Rouge Parish School System suffered a phishing attack when its chief business operations officer approved two fraudulent wire transfers totaling $46,500 after receiving emails impersonating the superintendent. The fraudulent requests, characterized by poor grammar, suspicious details, and an unfamiliar email address, directed funds to accounts in New York. The employee authorized both transfers without verifying the requests directly with the superintendent, who was physically present nearby. While the system recovered $22,261 from the bank and $14,238 through insurance, it incurred a net loss of $10,000. The incident highlighted procedural gaps, including reliance on single approvals during staff absences and insufficient verification protocols for financial transactions.

Description

In May 2016, the East Baton Rouge Parish School System fell victim to a phishing fraud resulting in the loss of $46,500 through two unauthorized wire transfers. On May 5 and 6, Chief Business Operations Officer Catherine Fletcher approved transactions to accounts in the Bronx and Brooklyn after receiving emails impersonating Superintendent Warren Drake. The fraudulent messages, sent from [email protected], contained grammatical errors, stilted English, and incorrect punctuation that differed markedly from Drake's authentic communication style. Despite Drake working in an adjacent office, Fletcher did not verbally confirm the requests or question their legitimacy. The scammer's first email successfully obtained a $23,000 transfer, followed by a second $23,500 transfer the next day. Internal controls were compromised as Fletcher processed both payments without required secondary approvals due to the absence of Charles Crochet, who normally provided oversight for such transactions.

The school system discovered the fraud shortly after the transactions and disclosed the incident through a $10,000 special audit conducted by Postlethwaite & Netterville. Financial impacts included partial recovery of $22,261 from the bank and $14,238 through insurance, leaving a net loss of $10,000. The audit documented procedural failures that enabled the fraud and recommended enhanced verification protocols for wire transfers. Superintendent Drake expressed surprise that the scam was not detected earlier given the emails' linguistic irregularities and mismatch with his typical correspondence. No technical system breaches occurred; the incident solely involved social engineering exploiting human verification lapses in financial authorization processes.
