A year later, still no resolution in online theft of nearly $140,000 from Tarentum

Few answers have turned up in the year since Tarentum was robbed of nearly $140,000 in an online phishing scam.

The investigation by the borough’s insurance carrier is ongoing.

Officers determined the person or group responsible for the crime netted a total of between $800,000 and $900,000 from many victims, Borough Manager Dwight Boddorf said.

“These people do this in multiple places, and all of the money got funneled into a joint account,” Boddorf said.

Investigators are trying to determine how much money was stolen from each of the victims.

Boddorf said it could take a couple of years to resolve.

“We don’t know the details,” he said. “Was it a U.S. citizen? Was it someone overseas? Did they steal from private companies, or was it all from municipalities?”

Catherine Coennen, public relations officer for the FBI Pittsburgh office, said it is standard practice for her agency not to discuss investigations.

Phishing is when someone sends an email mimicking a reputable company to lure someone into giving personal information that could include bank numbers, passwords or other sensitive material.

According to the 2022 Internet Crime Report by the FBI, there were more than 800,000 reports of cybertheft filed with losses exceeding $10.3 billion.

The total number of complaints went down from the previous year by 5%, but the amount of money stolen increased by almost 50%, according to the FBI.

Of the reported incidents in 2022, phishing schemes were the top crime with more than 300,000 complaints. People 60 and older reported the most money stolen.

Boddorf said the Tarentum incident happened in September 2022 and was reported to the bank and the municipality’s insurance broker, AWL&L. An initial insurance claim was denied.

The policy at the time did not cover what is considered “social engineering fraud loss,” so the borough has not been reimbursed.

“Nor will we be,” Boddorf said.

“At this point, we assume the only way to recover the funding is from the seized bank account, but that is not guaranteed and could take significant time.”

If the money is not distributed within four years, the borough will have to call it a loss because of time limits on the investigation.

Since the scam, the borough has changed its insurance policy to cover fraud like this. It also has tightened its technology security regarding the ways online information is disseminated.

Employees were trained in two-step authentication, and the borough has implemented what Boddorf called rigorous protocols.

Online crime isn’t new, with reports of phishing thefts in the Alle-Kiski Valley dating back to the early 2000s, just as internet use was revving up.

In 2008, an email scheme targeted the Allegheny Ludlum credit union.

The phony “official notification” told Allegheny-Ludlum Brackenridge Federal Credit Union cardholders that their online accounts had expired. It asked customers to click a link and fill in their account number.

Credit unions would never ask for information in this manner.

Boddorf said cyber awareness training is ongoing in the borough, as phishing schemes don’t appear to be slowing.

“We had one come in today,” he said Monday. “But it was caught within a minute.”