Law enforcement is investigating a phishing email that led to tens of thousands of taxpayer dollars being fraudulently transferred.
According to the San Antonio Express-News, Nueces County, Texas officials reported that the local government lost about $2 million after falling victim to an email phishing scam. In response, the county has frozen all wire transfers and is requiring residents to make payments using paper checks.
Sheriff J.C. Hooper confirmed his department has been investigating the case for about a week and that federal authorities are also involved. He described the incident as money “being sent to the wrong place” rather than a direct system breach.
The county’s Risk Management office initially thought the loss was smaller, around $58,000, but further investigation revealed the true scale of the fraud.
The exact method of the phishing attack has not been disclosed, but it reportedly originated via email and impacted at least one department within the Nueces County Courthouse. The county’s IT team is clearing affected machines and is on heightened alert for any additional suspicious activity.
While this incident is currently believed to be isolated, it follows a broader pattern of financial irregularities uncovered during a forensic audit of the county’s operations. That audit revealed $3.75 million in unauthorized transfers to the county’s health insurance fund and led to the removal of former County Auditor Grayson Meyer. Interim executive auditor Constance Sanchez has since been appointed and is aware of the recent phishing case.
Judge Scott stated that although the auditor’s office was not involved in the phishing scam, policy and IT security reviews are underway to tighten protocols around digital transactions and email verification.
“We are working with the bank and the investigation to recoup that one check, and IT has been made aware of it,” said Judge Scott. She acknowledged the need for stronger verification procedures, noting that while cybersecurity training is in place, it may not be enough when it comes to financial processes.
“From the way I understand it, these people and companies are getting really good at creating fraudulent accounts and emails,” she added. “It’s always going to be an issue, and they’re getting better at it every year.”
Phishing scams involve fraudulent messages, often emails, designed to trick recipients into revealing sensitive information or authorizing financial transfers. These emails typically impersonate trusted individuals or institutions.
Counties can implement multi-step verification for financial transactions, use email filtering tools, conduct phishing simulations, and enforce stricter internal approval workflows.
Public sector organizations often have complex administrative structures and handle large amounts of public funds, making them attractive targets for cybercriminals.
While unrelated in origin, the phishing scam follows a separate audit that exposed broader financial oversight issues, prompting ongoing efforts to strengthen accountability and security practices.
Recovery depends on how quickly the fraud was identified and whether the receiving bank can freeze the fraudulent account. The county is currently working with the bank to try to retrieve the funds.