School District Scammed Out of $3 Million

In Tennessee, the school district fell victim to scammers, resulting in a loss of over $3 million. In March, an employee in the finance department of the school district Johnson received what seemed to be an official request from PEARSON, a supplier of training materials. However, the sender’s address turned out to be fake – instead of the official domain, scammers used a similar address ending with “.quest”.

The scammers operated under the domain PEARSON.quest, mimicking the official address of PEARSON, a provider of educational resources for online learning. The school employee unknowingly shared bank details with the fraudsters, which led to 2 unauthorized transfers totaling $3.36 million. These funds were intended for the state program supporting school education.

Two weeks later, the district’s bank reported suspicious activity, but by then the money had already been transferred to other accounts. Only $742,000 of the stolen funds could be recovered at that point.

The investigation was taken over by the US Secret Service, who traced the money to bank accounts belonging to 76-year-old Texas resident John Crouson. Crouson confessed to opening the accounts and accepting the transfers. However, he claimed he did so at the request of his fiancée, whom he had only met a few times before she purportedly traveled abroad to resolve inheritance issues from her father. Crowson believed he was assisting her in accessing funds that could not be transferred to US accounts.

Three other individuals revealed that they too had opened accounts to receive money at the behest of individuals they had encountered online. These individuals, referred to as “mules”, unknowingly participate in money laundering schemes. According to the FBI, such schemes often exploit false romantic or trusting relationships established between scammers and their victims, a tactic known as Romance Scam.

These types of scams are commonly associated with Business Email Compromise (BEC) schemes, where attackers use fake or compromised email addresses to deceive companies into transferring funds to fraudulent accounts. In 2023 alone, these schemes resulted in losses of at least $2.9 billion in the United States, as reported by the FBI.

/Reports, release notes, official announcements.