Part of this report was first reported on www.tetonvalleynews.net on Monday, Jan. 7.
Teton School District Superintendent Monte Woolstenhulme said at Monday’s meeting that he was made aware at 2:30 p.m. that afternoon from the FBI that $484,000 of the $784,000 lost to fraud will likely be recovered.
In a tearful report, Woolstenhulme “deeply apologized” to the community adding that he was “devastated,” “angry” and “hurt” over the case that found more than three quarters of million dollars in bond funding sent to fraudulent bank account.
The Monday meeting was set as a work meeting to discuss student achievement measures, but after a public push to set a designated time to discuss the fraud case, the school board opened the meeting up at 6 p.m. to 13 members of the public and more than 80 live-viewers who watched as the meeting was streamed through the district Facebook page.
Community members struggled to understand how, even after a 2017 email fraud that drained the district of $20,000, could this happen to the district again. School board members tried to explain in detail the safeguards they had in place to ensure that the bond payments that are building two new schools and renovating two others, are made, but it was clear that board members were not completely certain how the safeguards failed the district.
Monday morning, in an interview with the Teton Valley News, Woolstenhulme acknowledged that prior to receiving the fraudulent email that caused the district to lose $784K of bond funding, he and district business manager Carl Church had discussed making construction payments to Headwaters Construction electronically.
Church, who resigned after it was discovered that $784K of bond funding had been paid to a fraudulent account, made the decision on his own and without verification from Woolstenhulme or Headwaters that the money would be paid out online, according to school board chair Chris Isaacson. The invoice to Headwaters had been approved by a variety of players including Woolstenhulme and GPC Architects, but the final step, the payment, had not been made up until the bogus email appeared in Church’s email account.
Normal protocol for construction payments included a three person verification of a paper check, said Isaacson last week. Those three people included herself, Church and Woolstenhulme.
In a follow up question to the board Monday, the Teton Valley News asked whether the board knew if Church had called the Bank of Commerce to extend his authority to cover the $784,000 payment. The board was unaware of the call, but Woolstenhulme said he knew that Church had made a call to the bank.
On Thursday, Dec. 20, Teton County Deputy Andrew Sewell responded to the call from the district regarding the fraudulent payment. Sewell is currently working closely with the FBI on the case. He said on Monday that two emails that looked like they were from Headwaters Construction were sent to Church asking for an electronic payment. Sewell said that the first email that Church received looked believable and it was easy to see how Church would assume that the email was real.
Sewell said the second email to Church was more suspicious in nature with grammatical mistakes in the body of the email. Sewell added that it was clear that Headwater’s email account had been hacked and the fraudster was posing as a real accounts payable employee from Headwaters. In Sewell’s initial interview with Church, he said that Church knew that bond payments were made by paper check, but also said that electronic payments had been discussed prior to receiving the fraudulent email.
Sewell said that Church is not a suspect in the case and is the victim of fraud.
“It was a believable scam that he fell victim to,” Sewell said. “Looking into it, it’s one of those things where people need to be a lot more vigilant when paying online. Even small red flags, people need to stop and verify information.”
Church had fallen victim to the fraud payout in 2017. Sewell had also responded to that call from the district. In that case, Church responded to a phishing email from someone posing as Woolstenhulme. Sewell said, “That was a good learning experience, in my opinion, because that was an obvious scam.”
Sewell, who does receive cyber security training through Teton County, said that despite his training, the fraudulent email that Church fell prey to two weeks ago was harder to detect than the one in 2017.
“If you are uncomfortable, don’t open suspicious emails,” cautioned Sewell. “This one didn’t look suspicious. This one, in my opinion, I don’t think trainings are going to help in this situation. But if you see a red flag, even a small one, it doesn’t hurt to call or even drive ten miles down the road to check.”
Woolstenhulme said on Monday that despite Church falling victim to email fraud in 2017, he had full faith in the business manager’s ability to do his job. Woolstenhulme said that looking at the email that Church had engaged with, it, “appeared legitimate when you first get it,” he said. “if you are looking at it quickly, it looks like a standard email.”
Woolstenhulme said that the fraudulent email came the Friday before it was discovered the money had not been paid to Headwaters. The money was processed through the Bank of Commerce on Monday, Dec. 17 and in a follow-up call with Headwaters on Thursday, Dec. 20, that’s when it was discovered that the email was fraud.
Because the investigation is ongoing, Sewell could not provide more details, but did add that the FBI thought the fraudsters were state-side.
The school board will meet again for their regular monthly meeting on Jan. 14 starting at 5 p.m. The board planned to have the fraud case on the agenda at that time. The meeting will also be live-streamed on the district’s Facebook page.