Aurora loses $1.1 million in scam

The city of Aurora lost $1.1 million when an employee was duped by a con artist.

City officials acknowledged the amount on Thursday after initially refusing to say how much had been taken.

According to a statement from the city, the theft occurred on April 29 when a city worker received a phone call from a person impersonating a bank worker.

As part of the “social engineering incident,” officials said, the caller appeared legitimate, established trust and created a false sense of urgency that prompted the worker to disclose payroll banking account information.

Aurora police and the FBI are investigating the incident. The city has also hired a cybersecurity expert to look into it, according to the statement.

The city has insurance coverage to mitigate losses from fraudulent incidents, and it is also working with the financial institutions to try to recover at least some of the money, according to the statement.

It said there is no evidence that the city’s computer networks or data systems were compromised.

It is trying to determine if employee data has been affected.

“The City will continue to practice its internal procedures, security measures, and employee training programs to strengthen protections and help prevent incidents in the future,” the statement said.

A spokesman declined to say whether the employee involved has been disciplined.

According to a U.S. State Department advisory publication, social engineering is “the art of manipulating individuals to divulge confidential information or perform actions that compromise security. Attackers employ social engineering to elicit human emotions and exploit system vulnerabilities. It is much easier to trick someone into providing sensitive information than it is to find and capitalize on security gaps in computer systems.”