The small Village of Holland in Lucas County found itself grappling with the aftermath of a phishing scam that swindled $2,288.40 from its coffers. Today, state auditors issued a finding for recovery against the village's clerk-treasurer, who was on leave when an administrative assistant fell victim to the cyber ploy. The Ohio Auditor's office confirmed the sum has been fully repaid following the incident.
During the audit of the village's financial records spanning January 1, 2023, through December 31, 2024, it was uncovered that the clerk-treasurer did not establish a formal policy for verifying requests to alter employee banking details, which led to the administrative assistant, changing an employee’s banking information unknowingly to a fraudster's account. The village, in scrambling to recoup the funds, managed to secure $2,037.63 from its insurance company, an additional $250 from the clerk-treasurer, and a bank credit of 77 cents, sealing the financial gap with a combination as unconventional as the scam itself.
The full audit report, detailing the oversight and its rectification, has been made publicly available online by the state auditors. This act of transparency offers a window into the sometimes opaque world of municipal financial management and the dangers lurking in seemingly mundane procedures like the updating of bank details.
Falling in line with a bulletin put forth by the Auditor of State's Office in 2024, this case marks the second time an Ohio public employee was held accountable for not heeding the bulletin's guidelines on handling payment redirect requests. It's a reminder that in the digital age, vigilance is as much a part of the job description as any traditional clerical duty. The bulletin advocates for clear standards and expectations that, had they been followed, would have caught in the phishing net of deceit would likely have prevented the incident.
