Orlando Sentinel

Disney’s Reedy Creek

- By Gabrielle Russon, Staff Writer; grusson@orlandosentinel.com or 407-420-5470; Twitter, @GabrielleRusson

Improvement District falls victim to an email hack scheme that ends up costing about $94,000, documents show.

Disney’s government fell victim to an email hack scheme that ended up costing about $94,000 early this year, documents show.

An employee at Reedy Creek Improvement District thought she was receiving emails from a legitimate landscaping vendor and paid out nearly $722,000. Reedy Creek recovered all of the money except for about $94,000, according to an Orange County Sheriff’s Office incident report.

Two men were arrested and charged with wire fraud in connection with the case last month in Louisiana after they were accused of diverting the money into a Shreveport bank account, said Detective Doug Smith of the Caddo Parish Sheriff’s Office, who also serves on the FBI Task Force.

Patrick Babila, 33, and Thadius Pugh, 34, also are charged with hacking into a California man’s emails while he was considering whether to invest in a company. The man ended up sending $50,000 to an account in Pugh’s name.

“It’s not that uncommon,” Smith said about such business email compromise schemes. “When you start seeing this thing in Shreveport, Louisiana — it’s pretty widespread.”

Officials think other people also were involved.

The Orange County Sheriff’s Office, which is working with the U.S. Secret Service, is still investigating the theft that occurred in February.

Reedy Creek Improvement District — which includes mostly Disney-owned land — acts like a county government and handles services such as building codes, road construction and fire-rescue. Reedy Creek’s administrator declined to comment because of the pending criminal investigation.

In February, a Reedy Creek finance employee received an email thread from a co-worker that included messages appearing to be from a landscaping vendor, BrightView Landscapes, the sheriff’s report said. However, it was not the co-worker who was responding. Her email had been hacked.

The email instructed that BrightView’s future payments should be sent to the company’s new account with Capital One Bank.

“The document that was attached to email appeared to be legitimate as it also contained the proper BrightView Landscaping logo,” the sheriff’s report said, adding BrightView’s correspondence was also from a person who interacted regularly with Reedy Creek.

The finance employee emailed her co-worker back to confirm that she had verified the new account by phone, and the co-worker wrote back that she had, the report said.

“Believing the transaction to be legitimate, the account change was made and two payments were ultimately sent to the Capital One account,” according to the sheriff’s report.

The finance employee received another email from the same co-worker, informing her that BrightView had made a mistake and now wanted to be paid in a Bank of America account instead.

A few days later, a SunTrust representative called the finance employee to verify the payments. The SunTrust employee said her bank was contacted by Capital One because the name on Reedy Creek’s payments did not match the name on the Capital One account.

That was when the Reedy Creek finance employee became suspicious, the sheriff’s report said.

The finance employee realized her co-worker knew nothing about the emails or the account changes. An investigation later found that somebody unknown had deleted more than 200 emails from the co-worker’s account and then forwarded them to a Gmail account.

The finance employee also contacted BrightView, which said the company had not requested a new account to be used.

The Sheriff’s Office was contacted Feb. 27, and the Capital One account was frozen. By then, only about $722,000 was left in it.

Reedy Creek got that money back in an electronic transfer in late March although the government “has suffered a permanent loss of $93,658,” the report said.
