Why the city of Fresno kept silent about losing $600,000 to a phishing scam

Fresno city employees wired a large sum of money, then another, thinking the funds were going to a contractor building a police station.

Those payments never reached the contractor.

The city was a victim of wire fraud. But it would take two years for the truth to come out.

Fresno had lost more than $600,000 after falling victim to a phishing scam in 2020, but it kept the loss secret from the public until recently — which city officials said was done to protect a federal investigation.

The figure announced Thursday represented a large increase from a $400,000 loss reported earlier in the week, a discrepancy Fresno Mayor Jerry Dyer said was due to an incorrect amount cited in a City Council member’s email.

“It’s a lot of taxpayer dollars that were stolen from us. And we haven’t given up on trying to recover those dollars,” Dyer told reporters in a news conference last week.

Dyer addressed other inconsistencies that have since emerged since the Fresno Bee first broke the story of the fraud, which was based in part on emails provided by Fresno City Councilman Miguel Arias.

Rather than originating in Africa, as Arias reported, the suspected fraudsters are in the United States, the mayor said.

Dyer said several city officials were told the fraud involved an out-of-country bank account. He said it was only after speaking to an FBI agent the night before the conference that he learned the accounts are in the United States.

Last week, Arias told The Times that he felt it was time to inform the public after two years of silence.

“We must now, for the purpose of public transparency with our taxpayers, confirm that we were victims of wire fraud,” Arias said on Wednesday afternoon shortly after the news broke.

Much of the underlying case that began in early 2020 was affirmed, and expanded on, by the mayor.

In January 2020, Fresno officials wired roughly $324,473 to who they believed was the contractor building a new police station in the city. Less than two months later, in early March, the city sent another $289,254. All told, it cut $613,727 in electronic payments.

The invoices looked identical to previous ones, except for one crucial aspect: the account number where the money would be sent was different, Dyer said

“Everything else was exactly the same, which is why it did not cause any suspicions at that time,” Dyer said.

In April, the real contractor threatened to walk off the job for lack of payment. Several city officials were informed by the public works director that wire fraud had occurred.

Around that time, the matter was referred to the Fresno Police Department. The case was turned over to the FBI in November when it was determined that the fraud was part of a widespread operation targeting municipalities across the country.

The FBI, he said, discouraged public disclosure while the investigation went forward.

Federal agents asked for silence “for fear that it would hinder their investigation because they had good leads at that time,” Dyer said. “And it could also impact the ability to be able to recover any of the funds that were taken not only from the city of Fresno but also other agencies that had been victimized.”

At least two other cities were targeted in the scheme, including one that lost twice as much as Fresno did, according to Dyer, who would not identify the cities.

Dyer said he did not learn of the case until a month prior to stepping into his role as mayor in 2021. The phishing scam occurred during the administration of Mayor Lee Brand, Dyer’s predecessor.

Shortly after assuming office in January, Dyer relayed the news in a closed session to the City Council, which had not been informed.

“First of all, I was shocked, because of the occurrence,” Arias said of his reaction to the 2021 briefing. “Secondly, I was angry — that [the council], which is responsible for financial oversight and contracts, and is responsible to the public, would have been kept in the dark for that long.”

Arias last week said he did not believe those behind the scheme would be brought to justice or that the city would see its stolen money — which Dyer pushed back on in his recent news conference.

Dyer said suspects were identified and he expected “some form of resolution soon.” However, he said the release of confidential information may have thrown a wrench in the efforts, calling it “quite embarrassing.”

“It serves to not only perhaps compromise a federal investigation and the recovery of funds by these entities, but it also causes us to perhaps lose trust” from allied agencies, he said.

Dyer said he will be “much more cautious” in sharing confidential information, including in closed session with the council.

Arias did not respond to a request for a follow-up interview this week. Dyer declined to comment beyond the news conference.

The Bee in its initial report said that the city rejected a public records request regarding the fraud in December, but the newspaper later obtained emails dating back to before the records request.

Those emails, the Bee reported, were between Arias, former City Manager Thomas Esqueda, City Controller Michael Lima and City Atty. Doug Sloan discussing the fraud.

According to the Bee, Arias asked Lima and Sloan in a Dec. 1 email, “What is the status of the payment we made to prince in Africa… Did we get our money back?”

Arias confirmed the emails, but did not immediately provide a copy of them. Arias said he was not aware of the substance of the record’s request or that it had been denied until he was approached by a reporter from the Bee.

When the city manager told Arias during the email exchange that less than $2,000 was recovered, and the case was still pending, Arias said, “My follow up to him was...’Where are we going to recognize that loss in the budget process?’”

Dyer, in an interview with KFSN-TV, said the records request didn’t turn up information because it asked for documents containing the term “wire fraud.”

“That email did not contain the words ‘wire fraud,’” he said.

Funds to cover the lost money were taken from the city’s general fund, according to Arias. It was added to the budget for the new police station, which was completed last year.

“Essentially, this police station cost us an additional $400,000 that we weren’t expecting,” Arias said.

The city receives thousands of emails a day, including a smattering of spam, phishing scams and other potential attacks, according to Arias. To address this, he said, the city in 2020 invested an additional $10 million in its information technology infrastructure. And the following year, the city added more IT personnel, including financial analysts and risk management analysts.