Dallas – Dallas County has been victimized by cybercrime, costing county taxpayers $2.4 million.
On Tuesday, Dallas County commissioners were briefed privately on possible fraudulent payments sent after a county employee received a fake email message impersonating one of the county's partners.
The CBS News Texas I-Team has learned the email is a request for payment from one of the county's vendors. In reality, this was a phishing email that ultimately convinced county officials to send him over $2 million.
A statement from Dallas County Executive Darryl Martin said the county became aware of the incident on Nov. 17 and turned over all evidence to the FBI.
State law requires all government employees to undergo cybersecurity awareness training. This training includes how to spot phishing emails.
“They're being taught that (cyber criminals) can change the name of an email address and what to look out for,” said cybersecurity expert Ben Singleton. Singleton's Arlington cybersecurity company NetGenius is his provider of state-certified cybersecurity training.
“I don't think the recipients of this email in Dallas had that kind of training. They would have known what to look for,” Singleton said.
The I-Team asked county officials whether the people who received the fraudulent emails had undergone state-mandated training. As of Tuesday evening, the county had not responded to questions.
In October, hackers gained access to Dallas County's network and stole data. Cybercriminal organization Play threatened to post the data on the dark web.
Dallas County says the incident is not related to the October cyberattack.
