How the Scam Unfolded
Category: Municipal Cyberfraud / Financial Sector Exploits
Features: Vendor impersonation, supplier account manipulation, Workday exploitation, repeat failures of verification policy
Delivery Method: Social engineering, spoofed vendor contact forms, fraudulent bank account changes in ERP system
Threat Actor: Unattributed (likely financially motivated fraudster or organized cybercrime affiliate)
Baltimore’s Inspector General confirmed that the city paid $1.52 million to a fraudster who impersonated a vendor and manipulated the city’s Workday system — the same enterprise software used by governments and corporations worldwide for payroll and accounts payable.
The attacker submitted a supplier contact form in December 2024, posing as a legitimate employee of a contracted company. The email address provided wasn’t corporate-issued, and the impersonated individual didn’t even have access to the company’s financial systems. Yet Baltimore’s Accounts Payable staff never verified the request with the vendor.
Over the next two months, the fraudster successfully filed multiple requests to change the vendor’s bank account. Two city employees approved the changes without cross-verification. In February and March 2025, two payments were sent:
- $800,000+ in the first transfer.
- $721,000+ in the second transfer.
Only the smaller payment was clawed back after the receiving bank flagged suspicious activity.
A Pattern of Repeated Failures
This wasn’t an isolated lapse. It was the third major vendor scam to hit Baltimore since 2019:
- 2019 → $62,377 sent to a fraudulent account after vendor details were altered.
- 2022 → $376,213 diverted when fraudsters convinced the finance department to update account information.
- 2024–25 → $1.5 million siphoned through Workday bank changes.
What makes the latest breach more damning is that the city already had policies in place — at least on paper. After the 2022 incident, the finance director promised mandatory independent verification of bank changes with an executive-level vendor contact.
Yet by the time of this newest fraud, those controls had been “not fully institutionalized” during a departmental restructuring. In other words, critical anti-fraud procedures were allowed to evaporate in the shuffle between the Department of Finance and the Office of the Comptroller.
Systemic Weaknesses Exposed
The Inspector General’s report is blunt: the scam succeeded because Baltimore failed to enforce the most basic controls:
- No independent vendor verification of banking changes.
- Over-reliance on Workday’s forms without layered safeguards.
- Failure to recognize social engineering tactics despite repeated attacks.
- Policies abandoned during restructuring, leaving employees without clear operational procedures.
Accounts Payable Director Timothy Goldsby, Jr. admitted as much, writing that vulnerabilities in verification procedures and supplier safeguards enabled the incident.
Now, in damage control, the city has announced:
- New cross-verification requirements for banking changes.
- A restricted Workday user role for sensitive account edits.
- Expanded training against social engineering schemes.
Baltimore’s Track Record of Cyber Incidents
This fraud follows a pattern of high-cost digital failures. In 2019, Baltimore was crippled by a ransomware attack that froze city services for weeks and cost $19 million in recovery expenses.
Combined with repeated vendor frauds, the message is clear: Baltimore’s financial and cyber controls remain porous. Fraudsters know it, and each successful breach confirms that the city is an easy mark.
TRJ Forecast — Next 30 Days
- Copycat Attacks: Expect other municipalities using Workday or similar ERP systems to be probed for the same weak vendor-change process.
- Policy Overhauls: Baltimore will announce procedural reforms, but without cultural enforcement, lapses will continue.
- Vendor Trust Fallout: Contractors may begin demanding stronger protections before engaging with city finance departments.
- National Scrutiny: Other city governments will be pressed to disclose whether they’ve suffered similar fraud but kept quiet.
TRJ Verdict
Baltimore didn’t just lose $1.5 million. It lost credibility. Three separate vendor spoofing scams in six years prove this isn’t about clever attackers — it’s about a city that refuses to learn from its mistakes.
In the digital economy, the weakest city department becomes the open door to taxpayer theft. Workday may have been the platform in this case, but the real breach was human negligence — repeated, documented, and ignored until it cost seven figures.
The truth is simple: without enforcement, “policies” are just paper. Baltimore has shown it can draft procedures, but not institutionalize them. Until that changes, fraudsters will keep coming — because they know the city will keep paying.
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
This is crazy. Leaders in Baltimore need to regain their credibility before they go bankrupt. The internet states that:
“No, the City of Baltimore is not bankrupt. While facing financial challenges, the city has not filed for bankruptcy. In May 2025, Moody’s downgraded the State of Maryland’s credit rating, citing economic and financial underperformance relative to other top-rated states and vulnerability to shifts in federal policy. This change affects the state government and may increase its borrowing costs, but it is not a declaration of bankruptcy for the city.”
You’re right, Chris — it is crazy. Baltimore’s leaders are burning through credibility fast, and every new failure makes it worse. They’re not bankrupt yet, but the financial warning lights are flashing — especially after Maryland’s credit downgrade. When you can’t protect taxpayer money from scams, ransomware, and mismanagement, bankruptcy stops being a rumor and starts becoming a trajectory. Credibility has to be earned back with action, not excuses.