San Benito County has recovered nearly $700,000 stolen from a recent vendor payment fraud scheme, according to the county Auditor-Controller’s Office.
The recovery of the funds will allow the county to “issue proper payment to the legitimate vendor,” Auditor-Controller Joe Paul Gonzalez said in a Nov. 14 statement.
“This resolution follows rapid coordination between the Auditor-Controller, County Treasurer, our banking institution and law enforcement partners,” Gonzalez’s statement said.
The theft occurred Oct. 15, when a thief or thieves posing as a representative of a contractor doing business with the county was able to convince county staff to send a payment of $696,602. The payment request to the county originated from someone who posed as a worker for Teichert Construction, to whom the county owed money, according to authorities, who have classified the theft as a sophisticated phishing scam.
The board of supervisors on Oct. 21 requested an audit and investigation services from California Controller Malia M. Cohen’s office out of concerns that there might have been even more fraud or theft that has not been detected.
Gonzalez said the incident “underscores how far public finance has evolved from the days of handwritten columnar pads and ledgers.” Modern schemes such as the Oct. 15 theft use AI-assisted phishing and the compromise of email accounts, and the county’s safeguards “must be equally advanced.”
In recent weeks, county staff have taken measures to strengthen its controls against fraud. These include reinforcing department-level verification for all vendor payment claims; establishing real-time communication with the county’s IT department to identify security breaches; working with the county treasurer to evaluate security services offered by the county’s bank; and beginning to assess specialized systems with vendor authentication tools.
Gonzalez added that local residents, businesses and vendors should remain vigilant by taking the following steps:
• Independently verify any request to change payment information.
• Avoid clicking unknown links or attachments.
• Use multi-factor authentication.
• Be cautious of AI-generated impersonation and unusually urgent requests.
• Avoid using the same password for all accounts. Change passwords often.
