Mayor, Council Release Emails Detailing Theft of $3.2m via Phishing Scam

Tuesday night, the City of El Paso released a limited number of emails about the events related to the theft of approximately $3.2 million via an email phishing scam.

City officials said the release was “at the request of Mayor and Council to enlighten the community (and) to assure the public that the City’s financial management system was not compromised.”  They add that the entire matter is “the subject of an ongoing criminal investigation and efforts to recover the misdirected funds are underway.”

The names and contact information of the potential witnesses, victims and suspects have been redacted to protect their identities during the ongoing criminal investigation.

The investigation of the misdirection of funds and steps to recover the funds are continuing.

According to city officials, the first misdirected payment occurred on September 28, 2016, and involved approximately $2.9 million in state funds for a project managed by the Camino Real Regional Mobility Authority (CRRMA). The second misdirected payment took place on October 4, 2016, and involved approximately $312,000 earmarked for city projects.

To date, approximately $1.9 million of the funds have been recovered – a sum of $1.6 million of the approximate $2.9 million and a sum of $293,000 of the approximate $312,000.

The CRRMA is an independent governmental entity that was formed by the City of El Paso in March 2007 and is regulated by the Texas Transportation Commission. The City was granted authority to create the CRRMA and its board by the Texas Transportation Commission to study, evaluate, design, finance, acquire, construct, maintain, repair, and operate transportation projects.

The CRRMA has a seven-member board – six members are nominated by the Mayor and appointed by Council and its presiding chair is appointed by the governor.

The City of El Paso provides the CRRMA organization with support services for its daily business operations, such as accounting, auditing, procurement and accounts payable, however the ultimate authority for approval of payments rest with the CRRMA executive director.


  • August 22, 2016 – The Imposter Granite Construction Company exchanges a series of emails with CRRMA. During these emails, the fictitious checking account information is submitted and changed from the legitimate Paso Del Norte Trackworks Checking Account information. The differences in vendor name are caught by a Purchasing Department employee who brings it to the attention of CRRMA. CRRMA instructs the Purchasing employee that the vendor is just changing their checking account and to process the change.
  • September 19, 2016 – The Imposter Granite Construction Company contacts CRRMA, the Comptroller’s Office, and the Purchasing Department to inquire about when the next payment will be processed. An accountant in the Comptroller’s Office questions the payment inquiry and forwards the inquiry to CRRMA. CRRMA responds to the Accountant and tells him he (CRRMA) has instructed Granite to contact him regarding all payment inquiries.
  • September 29, 2016 – The real Granite Construction Company contacts CRRMA to inform him that they have not been paid. CRRMA does not contact the Comptroller’s Office.
  • October 12, 2016 – The Comptroller’s Office contacts the real Granite Construction Office and asks if they received the $2.9 million payments. When the Comptroller is informed by the real Granite Construction that they did not receive the payment, the Comptroller submits a request to Wells Fargo to recover the payment.

To view the emails click either of the file links below:

Attachment – Limited Redacted Emails Related to Misdirection of Funds

Attachment – Additional Emails Related to Misdirection of Funds