Hamilton’s Corporate Services and Finance department promises to conduct basic diligence whenever the City receives an email requesting changes to vendor banking and payment information.
This follows the City being defrauded of $274,000 after staff repeatedly changed banking information based upon emailed requests sent by a scammer who compromised a vendor’s email system
In a report by the City’s internal auditors, it is stated:
“In November 2023, the City received an email from a person, posing as a vendor, to change a vendor’s bank account details that were used for electronic funds transfer. The banking changes were processed, diverting any future payments to the fraudster’s account.
A second email was received from the same person in late December 2023/early January 2024, posing as a vendor, to change (again) the vendor’s bank account details use for electronic funds transfer. The banking changes were processed diverting any future payments to the fraudster’s account.”
The scam occurred between November 27, 2023, and January 29, 2024. It was only discovered when the legitimate vendor contacted the City to ask about overdue payments.
The City’s auditor writes, “City employees made mistakes, overlooked red flags, and did not follow due diligence procedures emphasized in fraud-related training provided a few months prior to the fraudulent transactions.”
The funds were diverted to bank accounts in the United States. The City does not expect any recovery.
This is only the latest fraud the City has permitted to occur. In March 2024, the City paid $552,000 to a fraudster after changing bank account information, despite being warned by the legitimate vendor and told not to change any banking information. Making matters worse, the City sent the wrong amount, which ended up in the fraudster’s bank accounts.
The City has committed to conducting basic diligence in the future, including verifying any banking changes with vendors and no longer making changes solely based on emailed requests.
Production Details
v. 1.0.0
Published: May 18, 2025
Last updated: May 20, 2025
Author: Joey Coleman
Update Record
v. 1.0.0 original version
v. 1.0.1 corrected typo sent mistyped as went.
This isn’t the fault of the person who made the mistake, it is the fault of the higher ups who do not make sure staff have proper training, have places to ask questions, have time to ask questions, and have processes and procedures that have been updated and made available. Staff aren’t given the opportunity to share feedback. This is a problem that needs to be fixed from the top.
I agree with the other comments. As taxpayers, we never find out who is responsible, the penalty, the repayment or job loss. There is no accountability but if that was a non-government employee, the investigation and potential charges would be publicized. This city’s leaders are a joke.
The internal auditor states staff made mistakes but were not involved with the criminals.
In the private sector, people may lose their jobs, but the incidents would be kept secret.
This is a truly embarrassing display of incompetence but I don’t blame the workers. I blame the supervisors and employer who set the standards.
Man, how dumb are city staff. I’d be really curious to know who specifically cost the tax payers half a million dollars and if they even lost their job.
This stuff is so basic in accounting practices, due diligence indeed.
Who got fired? No one… Nope. Never… No accountability. Just money gone. No repercussions.