HELENA — Montana Department of Agriculture leaders say they’ve changed their policies to address phishing attacks, after a scammer stole more than $344,000 from the department.
“This is highly, highly prevalent,” said department director Christy Clark, during a meeting of the Legislative Audit Committee Wednesday. “Although I don’t enjoy being made an example of, I’m very hopeful that people will be more cognizant of how extraordinarily good these fraudsters are and how vulnerable we really are.”
The attack, which occurred in October 2020, was initially revealed in an audit released last month. During Wednesday’s meeting, the department shared more details with lawmakers about what happened.
Cort Jensen, the Department of Agriculture’s chief legal counsel, said the money was from the Montana Pulse Crop Committee – checkoff funds collected from farmers who grow crops like peas, lentils and chickpeas. It was intended as a payment – one of several typically made each year – to the USA Dry Pea and Lentil Council, a nonprofit in Idaho that represents the pulse crop industry.
Jensen said the scam was a sophisticated “man-in-the-middle” attack, in which the scammer intercepted messages between a department staffer and the council for an extended period. When the time came for the next payment, the attacker sent a message of their own, saying they wanted to switch to a different bank account. Authorities were able to stop one payment from going through, but not a second.
Clark, who was not director at the time of the attack, said the department now requires confirmation over the phone before accepting new bank information.
“The staff person has to contact that company directly, and it has to be two people that know each other,” she said.
Jensen said the state has cybersecurity insurance on the account, so the stolen amount was covered. He said other state agencies are also adopting additional verification when banking information is changed.
“Basically, we figured out how to fix one hole in the system,” he said.
The Montana Department of Justice’s Division of Criminal Investigation is still investigating the theft.
“This incident was determined to be a business email compromise scam, which often originate overseas,” said Kyler Nerison, a DOJ spokesperson, in a statement to MTN. “This case fits that fact pattern.”
The DOJ shared information from the FBI on how to identify and protect against this type of scam.
Clark told lawmakers phishing attacks appear to be increasingly common. In one case, an employee received a text message from someone posing as Clark herself, asking them to purchase gift cards. Clark said they’ve stepped up their education on how employees should react if they believe they’re being scammed.
“I think when people do fall for these scams, they’re ashamed and they don’t want anybody to think that they messed up and made a mistake, and so they’re reluctant to report those,” she said. “So we’ve just had much more open conversations and collaborative conversations.”