“Fool me once, shame on you; fool me twice, shame on me.”
What do you say when you’ve been fooled three times? Between the city of Albuquerque and Bernalillo County, that’s what’s happened in recent years.
We live in an age of technology-based scams, a problem so pervasive the Journal has a twice-monthly “Scam Watch” column Sundays alerting readers to the latest ones. Ellen Marks, a former Journal reporter and editor and now our scam columnist, often describes “phishing” methods: texts or emails designed to get secure information out of someone. The message seems to come from your bank, utility or a business warning of a missed payment or pending cut-off in services to get the recipient to click on a link to verify their identity or account information. The advice is always to never engage, cut the fraudster out of the loop by going to the bank, utility or business and asking if there’s a problem.
Preying on a lack of online sophistication might work on your elderly aunt, but it shouldn’t work on local governments, which are supposed to have procurement procedures in place to prevent scams involving public money, which is in fact money you paid in taxes, fees, etc. Yet it keeps happening because best practices don’t work if they aren’t followed.
It recently came to light the staff at Bernalillo County’s accounts payable department were dupes in a fraudulent “confidence trick” in late 2019 by paying out $447,372 to what they thought was an approved county vendor.
The alleged scammer, Oscar Ngeno, 41, appeared remotely before a US Magistrate judge in Albuquerque on March 30. A Kenyan national here on an immigrant visa and a resident of Rochester, New York, Ngeno was released on $15,000 bond pending trial, surrendered his passport and must comply with other conditions, court records show.
The scheme was textbook scam column fodder: According to a Feb. 24 indictment, Ngeno is alleged to have caused an email to be sent to Bernalillo County on or about Oct. 22, 2019, in the name of “Carlos Boyd,” purportedly a government accounts coordinator at CDW Government Inc., a registered county information technology equipment vendor. The email asked the county to change its payment method to ACH (automated clearing house) direct payment to the Woodforest bank in Texas. The county put the updated information into the accounts payable system and processed nine invoices from Oct. 21 to Dec. 5, 2019, for over $447K.
The scam came to light when the legitimate vendor asked why it hadn’t been paid, triggering county, state and federal investigations. The state audit said the fraudulent payments were “the result of non-compliance with County procedure.”
Spokesman Larry Gallegos says the county has since strengthened its internal controls to include an “enhanced multi-level” authorization process involving four county administrators or managers to verify changes in a contractor’s payment method. The county’s bank, Wells Fargo, was able to recoup $129,094 and one of the county’s insurers reimbursed the county another $100,000. But insurance carriers wouldn’t cover the full claim in part because the loss “was caused by action that Insured (county) was duped into taking.” The county’s net loss was more than $216,000.
It should be a lesson for every government in the state — especially since it comes on the heels of the city of Albuquerque paying a scammer $420,000 in a vendor fraud scheme in 2017. How on earth did the county not tighten its controls after the city next after what swindled?
And how did the city not buckle down too? In 2021 all that stood between it being ripped off again, to the tune of $1.9 million, was its bank flagging the transaction, according to an Office of Inspector General investigation released in July. “… Neglect of duties, complacency and the deliberate deletion of records all played a part in the fraudster nearly succeeding in his attempt to defraud the City,” the OIG says.
Let’s hope finance leaders in our local governments tighten controls so this embarrassing abuse of public money doesn’t happen again. And making Marks’ scam column mandatory reading for employees wouldn’t hurt, either.
This editorial first appeared in the . It was written by members of the editorial board and is unsigned as it represents the opinion of the newspaper rather than the writers.