An online scam by fraudsters based in Nigeria has victimized the state of Utah for about $2.5 million, according to court documents.

The scam, which was detailed in a report by the Salt Lake City Tribune earlier this week, enabled the bad guys to submit seemingly legitimate invoices to the University of Utah.

"A search warrant made public this week in Salt Lake City's 3rd District Court said someone in August obtained a vendor number for the University of Utah's design and construction department," the news report states. "They then forged the signature of the department's director and submitted paperwork to the state of Utah, changing the department's bank account information.

"Fraudsters logged onto a state Website and submitted invoices to the state on behalf of the campus department," the report continues. "When the state paid the invoices, the money went to a Bank of America account in Texas. The thieves reaped $2.5 million before the bank called the state to inquire why such large payments were going to the account."

"Their IT people should have known better," said Michael Kessler, president of forensics firm, Kessler International, after reviewing a copy of the search warrant. "It sounds like any kid could have done this."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message