Parma Heights has tightened its digital defenses after a slick email scam slipped past City Hall safeguards and cost taxpayers roughly $225,000. The phony invoice scheme, which city officials say used lookalike email accounts and convincing documentation, exposed weak spots in how payments were verified and forced an emergency rethink of local cybersecurity.
Within weeks, council scrambled to update contracts with its tech provider, layer on new protections and warn staff that routine invoices are now anything but routine.
How the scam worked
The fraudsters reportedly set up email addresses that differed from legitimate ones by just a single character, then sent realistic-looking invoices to city staff, according to Cleveland.com. One of those bogus bills slipped through and was paid, resulting in a transfer of about $225,000 before anyone realized something was off.
Once the irregularity surfaced, local police and finance officials opened an internal review. Police Chief Steven Greene told the outlet the city has long relied on Simvay LLC for technology services, with the firm handling system maintenance and user support.
Officials say they’ve bolstered defenses
Mayor Marie Gallo told Cleveland.com that "security breaches are extremely common in the public sector" and said the city has now installed multifactor authentication on computers and email accounts.
Officials added that Simvay has installed new security software and is following state-required protocols as Parma Heights tightens controls around both system access and the way payments are approved.
Contract changes and CJIS compliance
To formalize the response, city council recently amended its agreements with Simvay LLC to beef up enterprise managed technology services and cyber risk management, according to Parma Heights. The updated language specifically calls out compliance with the FBI’s CJIS security policy and Ohio LEADS rules that govern access to criminal-justice databases.
The amendment also folds in a new security addendum that allows for contract termination if those requirements are violated. City leaders say the changes were pushed through quickly, both to satisfy CJIS and LEADS obligations and to harden the network after the invoice scam.
Not the first time
If this sounds familiar to Parma Heights residents, that is because it should. The city was hit by a similar email takeover in 2023 that resulted in a $504,576 payment before the scheme was uncovered, and authorities later arrested a suspect in that case, according to WTAM.
That earlier episode, paired with other scams across the region, has underscored how dependable municipal payments have become a favorite target for criminals who prefer keyboards to crowbars.
Why municipalities are targeted, and what to do
Cuyahoga County’s Scam Squad reports that government impersonation and company-impersonation cons were among the most-reported frauds in 2025, with scammers stealing more than $5.2 million from county residents last year, according to the county’s consumer-protection page.
Ohio Attorney General Dave Yost has likewise warned Ohioans about aggressive text and QR-code schemes and urged people to independently verify any demand for money before paying.
Parma Heights officials say their new mix of multifactor authentication, tightened contracts and tougher invoice checks is intended to make it far harder for anyone to spoof a routine payment.
City leaders say they will continue training staff and revisiting procedures while investigators chase down leads on the fraudulent transfer. Residents who are worried about suspicious invoices or strange messages can contact City Hall or call the county’s Scam Squad for guidance.
