1/13/2016 Hartnell College Mail - Hartnell CCD victim of criminal financial activity

Hartnell CCD victim of criminal financial activity

Willard Lewallen <wlewallen@hartnell.edu>    Wed, Dec 9, 2015 at 10:18 AM
Bcc: Administrators <administrators@hartnell.edu>, Classified Employees Mailing List <classified@hartnell.edu>, L-39 Mailing List <L-39@hartnell.edu>, Full Time Faculty Mailing List <faculty@hartnell.edu>, Part Time Faculty Mailing List <ptfaculty@hartnell.edu>

Dear Colleagues,

On October 28, 2015 the Hartnell CCD was the victim of criminal financial activity involving wire fraud. An entity unknown to the District at this time "spoofed" my email address (wlewallen@hartnell.edu) and pretended to be me. If you are not familiar with "spoofing," you can learn more about it at this link. My email was not hacked. Someone created an email account through another internet provider that imitated my email. The financial industry and the FBI label this "Business Email Compromise." You can learn more about it at this link.

Using my email address the criminal(s) requested the Business Office to complete a wire transfer in the amount of $69,000. The emails exchanged between the Business Office and the criminal(s) are all documented. In one of the emails the person pretending to be me communicated that the documentation in support of the wire transfer would be provided on Monday the following week. The wire transfer was completed.

On November 2, 2015 the Business Office received another request for a wire transfer. Again, this appeared to be from me. This second request raised suspicions and further inquiries were made directly with my office confirming that I had sent no such request for a wire transfer. We then involved our IT department in investigating the email requests which led to the discovery of "spoofing" or "Business Email Compromise." The District subsequently contacted the bank in an attempt to stop the $69,000 wire transfer, but it was too late. The good news is the second attempt was thwarted.

The following steps have been taken to address this incident.

1. The Business Office has initiated procedures regarding wire transfer requests that require documentation in advance supporting the request of the wire transfer regardless of who is initiating the request. An email communication or phone call will not be sufficient to initiate a wire transfer.
2. A criminal complaint was filed with the FBI and the District will follow up with the FBI regarding the complaint.
3. The District has filed a claim with its insurance carrier to recover the funds lost through fraudulent activity. This claim is in process currently.
4. The District's IT department is reviewing systems and tools to ensure that the District is doing everything possible to detect and identify potentially harmful or suspicious email communications. I know that I have received warning messages when particular email communications have been detected to be potentially harmful.

Lastly, I will use this opportunity to remind all employees to be on alert for any email communications requesting account numbers, requesting you to change passwords, etc. I encourage you to review the information provided in the links above regarding "spoofing" and Business Email Compromise. If you suspect that an email is potentially harmful or fraudulent, immediately contact Dave Phillips, Interim Vice President of Information Technology (dphillips@hartnell.edu, 755-6729).

If you have questions regarding any of this, feel free to contact me.

Regards,

--
Willard Clark Lewallen, Ph.D.
Superintendent / President
411 CENTRAL AVENUE | SALINAS, CA 93901
831.755.6900 Direct | 831.682.3541 Cell | 831.753.7941 Fax
wlewallen@hartnell.edu | www.hartnell.edu
(some responses sent from phone, please excuse typos)