Cleveland Public Library Sends Nearly $400,000 To Fictitious Vendor in Payment Redirect Scam

Press Release •Ohio Auditor of State

COLUMBUS - The Cleveland Public Library transferred nearly $400,000 to a fictitious vendor after not adopting proper internal controls to detect payment redirect schemes.

The June 2024 incident was noted in a management letter as part of an audit of the library's finances from Jan. 1, 2024, through Dec. 31, 2024. The full audit report is available online at ohioauditor.gov/auditsearch/search.aspx.

Auditors noted that the library changed bank payment information after receiving a request from someone pretending to be a legitimate vendor.

"The library did not have a proper internal control process in place to detect fictitious vendors," auditors wrote. "… We did note that the library immediately implemented multiple vendor verification measures to prevent future business email compromise schemes."

The library was able to recoup the entire lost amount, via a $350,000 payment from its insurance company and $46,405.14 that was forgiven by the legitimate vendor. Additionally, $133,840.50 was recovered from the fraudulent bank account and subsequently repaid to the insurance company.

The Auditor of State's Office issued a bulletin in 2024 setting clear standards and expectations for public offices in handling payment redirect requests. The bulletin is available online at ohioauditor.gov/publications/bulletins/2024/2024-003.pdf.

###

The Auditor of State's Office, one of five independently elected statewide offices in Ohio, is responsible for auditing more than 5,900 state and local government agencies. Under the direction of Auditor Keith Faber, the office also provides financial services to local governments, investigates and prevents fraud in public agencies, and promotes transparency in government.

Public Affairs Contact: Marc Kovac [email protected]