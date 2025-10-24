The City of Lynnwood lost $7,158 due to cyber fraud in December, depositing money into a fraudulent account after someone emailed the city impersonating an employee changing their direct deposit information.

The incident was first publicly reported in Lynnwood’s 2024 Accountability Audit from the Washington State Auditor’s Office (SAO). The activity was detected when the employee emailed the city after they did not see a deposit in their bank account on pay day, according to an incident report City staff provided to Lynnwood Today.

According to the audit report, Lynnwood did not have “adequate internal controls over electronic payments to protect public funds.” Although the city has a policy in place to verify bank change requests, the policy didn’t contain all elements required in the state’s financial manual for governments, the report read.

Further, the audit found that “City staff did not consistently or adequately follow their intended procedures,” and “Training provided to City employees was not effective, as staff missed key red flags common to phishing schemes.”

Since the incident, the City has put additional controls in place. This includes printing “live” checks while small deposits (usually less than one dollar) are sent to the bank for verification before a full check is deposited into an employee’s account, according to the incident report. The City also filed a police report.

In an audit management letter to the City, the SAO recommended Lynnwood avoid policies reliant on information sent via email.

According to the letter, Washington governments reported a loss of over $37 million in public funds since 2016 as a result of cyber fraud.

“In these schemes, an external threat actor contacts the government, appearing to be a known source such as an employee, upper-level manager, vendor or other business associate,” the letter read. The threat actor involved then convinces government staff to redirect payments into a fraudulent account, or to purchase gift cards and provide them with the card numbers.

Cyber fraud, also known as phishing, does not just target government entities. In 2024, the FBI received 859,532 complaints of suspected internet crime, with estimated losses exceeding $16 million. This is a 33% increase over 2023. People over 60 are targeted the most and have lost the most money, according to the agency.

According to the U.S. Federal Trade Commission, scammers often use emails, phone calls or text messages, telling a false story to get someone to open a link or an attachment. The message will often appear to be from a bank, credit card or utility company or official organization.

The scams will often claim suspicious activity or problems with payment information or ask you to confirm personal information. Scammers will also call you to report an issue with your computer, or a false popup will appear on your computer with a number to call.

How to spot and avoid scams

According to the FTC, email, text and scam calls are often generic and don’t include your personal or actual account number or information. They will usually include a link or attachment or a phone number to call. Common scams from websites such as Amazon will alert you of payment or delivery details for an order you didn’t place. Scammers will often falsely claim that there’s an urgent matter and prompt you to act immediately.

Legitimate tech companies will not call you to alert you of an issue with your computer, the FTC said. Legitimate companies will also not email or text you a link to update payment information.

A Google search of the email address or phone number contacting you can verify whether the company is actually contacting you. There are also websites dedicated to identifying whether a phone number is legitimate or not. You can always contact the company in question directly to confirm the information. Even though the scam will insinuate an urgent matter, it’s always recommended to take time to verify information. It might also be helpful to contact a friend or someone you trust for help.

Do not call numbers you see on an online popup and exit the tab immediately.

The FTC recommends downloading security software and keeping your devices up to date. It’s also important to protect your accounts using multi-factor authentication and by using secure passwords.

