Citizen Portal
Sign In

Franklin contractors report fake invoices using city logo; police and IT investigating

6497210 ยท October 23, 2025

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Contractors received emailed invoices that impersonate Franklin's planning department; police escalated the matter to federal authorities and IT recommends process changes and vendor vigilance.

City and police officials told the Technology Commission that construction contractors and vendors have received spoofed invoices purporting to come from the City of Franklin planning department. The emails used the city logo, local addresses and sometimes named city staff and included a request to execute a wire transfer; messages have used usa.com and other free email domains.

IT Director Jim Matoski said the Franklin Police Department has escalated several incidents to the U.S. Department of Justice and the FBI but has not received a response. Matoski described the messages as highly targeted in some cases, noting they sometimes reference active projects and appear authentic; he said the spoofed messages "include the city of Franklin logo and city hall addresses" and that the attackers sometimes impersonate a named director with contact information.

City response options discussed: Matoski and commissioners discussed process changes to reduce the risk of mistaken payment. Options included requiring vendors to retrieve invoices from a secure invoicing portal rather than accepting emailed invoices, requiring phone validation for wire instructions, establishing a published list of official remit/payment addresses, and increasing vendor education to verify any unusual payment-request email. Matoski warned that a determined attacker can mimic any single control and that the better defense is a series of checks (for example, email + phone verification).

Incidents and scale: Matoski reported about six instances of spoofed invoices directed at contractors and agencies working with the city; he said the volume has been limited but the city is treating the incidents seriously because one mistaken payment could create significant liability for a contractor and reputational risk for the city.

Ending: The commission recommended notifying major contractors of the spoofing attempts, adding invoice-handling guidance to procurement communications and discussing potential process changes with the finance department and legal counsel. Matoski said the city will also encourage vendors to verify any invoice or payment-change request by calling a published city contact number rather than responding to an email alone.