Federal authorities have recovered more than $2.27 million stolen from a Vermont public agency after a cyber fraud in which criminals redirected payments through a business email compromise scheme, highlighting the importance of rapid reporting in combating increasingly sophisticated payment fraud.
The U.S. Attorney’s Office for the District of Vermont announced that it had secured a forfeiture judgment for $2,270,202.39, allowing the funds to be returned to the Chittenden Solid Waste District after they were seized from a bank account used in the fraud.
The recovery follows a cyber-enabled payment diversion scheme in which fraudsters impersonated a legitimate construction contractor and tricked the agency into sending more than $3 million to an account controlled by criminals.
Fraudsters Redirected Construction Payments
According to court documents, the fraud began in late January 2026 while the Chittenden Solid Waste District was working on an ongoing construction project.
The agency received an email appearing to come from its construction contractor that instructed it to redirect future payments to a different bank account.
Believing the request to be legitimate, the agency transferred two payments totaling more than $3 million to an account held at Citibank.
Investigators later determined the account did not belong to the construction company but was instead part of an ongoing fraud scheme.
Rapid Reporting Helped Recover The Funds
After discovering the fraud, the Chittenden Solid Waste District quickly contacted law enforcement.
The FBI worked with the U.S. Attorney’s Office to identify and freeze funds remaining in the receiving account.
Using a civil seizure warrant, authorities successfully seized approximately $2.27 million before the funds could be fully transferred through the criminal network.
On July 2, U.S. District Judge William K. Sessions III approved the forfeiture order, clearing the way for the money to be returned to the agency through the U.S. Marshals Service.
| Recovery Summary | Details |
|---|---|
| Victim | Chittenden Solid Waste District |
| Total fraudulent payments | More than $3 million |
| Funds recovered | $2,270,202.39 |
| Recovery method | Civil seizure and forfeiture |
| Funds returned by | U.S. Marshals Service |
Authorities Credit Immediate Notification
Federal officials said the successful recovery would not have been possible without the victim’s rapid response.
First Assistant U.S. Attorney Jonathan A. Ophardt praised the agency for quickly involving law enforcement.
“Recoveries of stolen funds from sophisticated cyber actors are only possible when impacted entities quickly alert law enforcement about their losses.”
He added that the Chittenden Solid Waste District coordinated closely with investigators immediately after identifying the phishing attack.
“Because of CSWD’s actions in the wake of the phishing scam, we were able to seize and return over $2 million dollars to CSWD, a benefit to all residents of Chittenden County.”
FBI Warns Business Email Compromise Remains Major Threat
The FBI said business email compromise continues to rank among the most costly forms of cyber-enabled financial crime.
Unlike ransomware attacks, business email compromise schemes often rely on social engineering rather than malware, convincing victims to voluntarily transfer funds into accounts controlled by criminals.
FBI Albany Special Agent in Charge Craig L. Tremaroli said immediate reporting remains critical.
“This type of fraud is one of the most pervasive threats facing our communities today, but the FBI is here to help.”
He noted that investigators were able to begin tracing and freezing the transactions almost immediately after receiving notification.
“I implore the public to immediately report this type of fraud to law enforcement so we can work together to achieve a similar outcome.”
Business Email Compromise Continues To Target Organizations
Business email compromise schemes have become one of the most profitable cybercrime tactics worldwide.
Attackers typically compromise or impersonate legitimate email accounts before sending convincing payment instructions to businesses, government agencies or nonprofit organizations.
Rather than stealing credentials or deploying malware, the criminals exploit trust between organizations and their suppliers, making fraudulent payment requests appear routine.
Once funds arrive in mule accounts, they are often rapidly transferred through multiple domestic and international accounts or converted into cryptocurrency, making recovery significantly more difficult.
Why It Matters
The recovery demonstrates that while business email compromise remains one of the fastest-growing forms of financial fraud, rapid action can substantially improve the chances of recovering stolen funds.
Financial institutions, public agencies and private companies increasingly face sophisticated invoice redirection attacks in which legitimate supplier relationships are exploited through carefully crafted phishing or email impersonation campaigns.
Federal authorities continue to advise organizations to independently verify any requests to change banking instructions, particularly for high-value payments, and to contact both their financial institution and law enforcement immediately if fraudulent transfers are suspected.
