Nevada City, CA – The Nevada County Auditor-Controller’s Office detected an identity fraud incident on Friday, June 9th, resulting in a payment of $46,000 due to cybercriminals impersonating a County vendor. No County IT systems or services were accessed, breached, or compromised.

The cybercriminals successfully requested payment by impersonating a County vendor, despite multiple layers of review. The Auditor-Controller’s Office has taken immediate steps to ensure additional independent verification processes are in place, including directly contacting vendors by phone when any vendor information changes are requested.

“Our office takes incidents like this very seriously,” said Nevada County Auditor-Controller Gina Will. “We are committed to doing everything we can to catch this type of fraud before it happens, including continuously evaluating and strengthening our processes as these scams become more persistent.”

Social engineering is a deceptive scam commonly used by cybercriminals who use the information they can easily find online to gain people’s trust. Identity fraud and phishing emails have become increasingly frequent and sophisticated nationwide, with nearly 500,000 fraud attempts and over $1.7 billion in total loss reported so far in 2023. The County continues to work closely with its departments to prevent and reduce the risk of identity fraud incidents.

“With the prevalence of these types of scams today, it’s not a matter of if, but when – especially when all the information needed to impersonate someone, one of our County’s vendors in this case, is readily available to them online,” said Information and General Services Agency Director Steve Monaghan. “Every County staff member and contractor is invested in trying to identify and stop these types of scams, participating in about 350 hours of training each quarter across our organization, but they can happen to anybody.”

The County is working closely with law enforcement to investigate the incident. It’s important that unfortunate incidents like these are made public in the interest of transparency and to raise awareness and deter cybercriminals.

Protect yourself from social engineering scams by using these tips:

  • Double-check for any misspellings from trusted sources’ emails or texts.
  • Be suspicious of unsolicited messages, and do not click on links or open files in any messages you are suspicious of.
  • Be cautious of what personal information you share online.
  • If you are suspicious of any messages you receive, contact the sender separately using the vetted contact information you have from previous communications, and never use the contact information from a suspicious message.