Tennessee School District Loses $3.4 Million to a Fake Curriculum Vendor Scam

In a significant cyber scam earlier this year, a school district in northeast Tennessee was defrauded of over $3 million. The incident occurred when an employee was tricked into sending funds intended for online curriculum materials to a fraudulent account. In March, the finance director of the Johnson County Board of Education, believing they were communicating with a representative of Pearson, a well-known educational services company, received an email from an address that closely mimicked Pearson’s official domain but with a slight alteration.

After exchanging information about banking details and payment schedules, the school officer made two wire transfers in April totaling $3.36 million to a Wells Fargo bank account. This amount was part of the Tennessee Investment in Student Achievement budget, designed to support public schools. It took nearly two weeks for the school board’s bank to detect and report the fraudulent activity. By the time the district was notified, the funds had already been transferred through a network of accounts, making recovery challenging.

A U.S. Secret Service special agent tracked the funds and identified John Crowson, a 76-year-old Texan, as the owner of the accounts that received the money. Crowson claimed he had opened these accounts on behalf of his fiancée, who he had met in person only a few times before she purportedly had to go overseas. He alleged she needed his help to deposit an inheritance that she couldn’t place in a U.S. bank. Other individuals who received some of the stolen funds told similar stories of being convinced by someone they met online to open accounts.

The use of “money mules” is a common tactic in scams like Business Email Compromise (BEC), where fraudsters target company employees using spoofed or compromised accounts to trick them into sending money. Such scams are widespread and costly, resulting in at least $2.9 billion in losses in the U.S. in 2023 alone, according to the FBI​(The CyberPost).

This incident serves as a stark reminder of the vulnerabilities school districts face and the importance of verifying communications, especially when it involves large financial transactions​(The Record from Recorded Future)​(Sechub).