PENDER COUNTY — A Pender County spokesperson confirmed Tuesday approximately $650,000 in taxpayer money was paid out in a fraud scheme that exploited the county’s electronic funds transfer system. Money intended for a county vendor was lost to cyber criminals over a two-month period.
READ MORE: Amid tax impact concerns, Pender commissioners certify revaluation standards
The financial discrepancy was discovered only after the legitimate vendor — unnamed by the county — notified Pender officials in December that multiple invoice payments had not been received. The scheme began in September when an outside party successfully impersonated the vendor to request a change to the county’s payment details. The county complied and ended up paying $650,000.
Port City Daily learned of the incident on Sunday from a tip noting Lower Cape Fear Water and Sewer Authority was the vendor intended to get the payments. Upon emailing and calling the Lower Cape Fear Water and Sewer Authority Tuesday, Executive Director Tim Holloman told Port City Daily: “At this time, we’re not going to comment.”
PCD emailed Pender County Communications Manager Brandi Cobb multiple questions Monday morning about the fraud as well, including procedures for vendor payment changes and internal controls, oversight, taxpayer liability and if an insurance claim had been filed. Rather than answering questions, the county sent out a press release Tuesday to all media instead.
In it, the county noted it is cooperating with law enforcement agencies, state, local and federal, and noted “every effort is being made to recover the funds.” The press release states “no customer or resident information was released or involved in this incident” and a “manual audit of all other banking information change requests is underway.”
It also indicated additional information would not be released until the investigation concludes.
Port City Daily attempted to reach commissioners for comment and clarification on whether the loss will be covered by insurance or if it presents a financial risk to taxpayers and the county. They did not respond by press.
Port City Daily has filed a public records request to include:
- The county’s commercial crime or cyber insurance policy and documentation of a filed claim.
- The county’s official electronic funds transfer verification policy which would have detailed proper steps to follow before approving account detail changes.
- All emails exchanged between the county manager, finance director, and county attorney regarding the fraud discovery.
Pender County is not the only local government agency in North Carolina to be targeted by cyber crime. In 2018, Cabarrus County was the victim of a similar vendor impersonation scheme where criminals changed bank details for a construction vendor and successfully diverted a payment. Cabarrus County’s initial loss was $2.5 million, with the county able to recover just over $776,000 through bank intervention, leaving about $1.7 million unrecovered at the taxpayers’ expense.
This type of attack, classified as a business email compromise with the Federal Bureau of Investigation, is ranked as one of the most financially devastating forms of cybercrime. According to the FBI’s Internet Crime Complaint Center 2024 annual report, BEC scams resulted in over $2.7 billion in reported losses nationwide in 2024 alone. The FBI warns these scams rely on exploiting administrative processes and the trust of employees, encouraging organizations to implement robust internal controls and verification procedures.
Have tips or suggestions for Charlie Fossen? Email charlie@localdailymedia.com
At Port City Daily, we aim to keep locals informed on top-of-mind news facing the tri-county region. To support our work and help us reach more people in 2026, please, consider helping one of two ways: Subscribe here or make a one-time contribution here.
We appreciate your ongoing support.
