The Montana Division of Agriculture didn’t totally adjust to reporting necessities in 2020 after a web-based phishing rip-off led to the theft of greater than $344,000 and one other tried theft was thwarted previous to an alternate of $1,000 in funds, a legislative audit report has discovered.
The Montana Legislative Audit Division launched a monetary compliance report on the division this month. Auditors recognized three points with accounting or reporting practices and issued suggestions to deal with these issues.
The division concurred with all three suggestions.
In October 2020, a scammer impersonating a grant recipient obtained $344,000 in an electronic mail phishing assault. A phishing assault happens when a scammer purports to be a unique individual or entity conducting respectable enterprise in an effort to trick the sufferer into offering cash or info.
Individuals are additionally studying…
The division notified its chief lawyer, then-Gov. Steve Bullock’s workplace and the Division of Administration’s Tort Protection and State Monetary Companies Division.
“The hacker tried to obtain two grant funds from the division,” the audit states. “The division was in a position to cease the primary cost, however not the second. The Division of Administration modified state coverage in response to this case.”
A separate phishing rip-off occurred in April of 2020. In that incident a state worker bought $1,000 in reward playing cards, later turning into suspicious and informing a supervisor. The reward playing cards have been refunded, in response to the audit.
Auditors discovered that the division didn’t totally adjust to state legislation in response to the scams. The legislation requires notification of each the lawyer basic and legislative auditor in writing, “upon the invention of any theft, precise or suspected, involving state cash or property underneath that company’s management for which the company is accountable.”
In each instances, the legislative auditor was not notified. Division of Administration officers did notify the lawyer basic of the October phishing rip-off and theft. Agriculture officers advised auditors they contacted the lawyer basic as nicely.
Division of Justice spokesperson Kyler Nerison stated Friday the rip-off was categorized as a “enterprise electronic mail compromise rip-off,” described equally to a phishing assault. He offered a hyperlink to the FBI’s web site, which calls the rip-off “probably the most financially damaging on-line crimes.” An investigation stays open into the theft with DOJ’s Division of Prison Investigation, he stated.
The businesses advised auditors they didn’t imagine notification was essential for the April phishing assault as a result of it was not profitable.
Auditors countered that state legislation additionally “requires the notification each time theft is suspected,” and really helpful the company adjust to theft reporting necessities.
Auditors additionally discovered points with accounting within the division’s grant account for its wheat and barley program. Lastly, antiquated software program did not flag overpayments for sure permits and licenses, and refunds have been solely issued if requested in writing. Auditors really helpful modifications to right these points.
In an August letter accompanying the audit, division Director Christy Clark concurs with the audits findings and proposals.
“Previous to this calendar year-end, we intend to place revised division insurance policies into place to make sure these oversights should not repeated sooner or later,” she wrote. “The Division Of Agriculture is dedicated to complying with state legal guidelines and accounting insurance policies, in addition to strengthening our inside controls.”
The Day by day Montanan was first to report on the audit.
Tom Kuglin is the deputy editor for the Lee Newspapers State Bureau. His protection focuses on open air, recreation and pure assets.