Warren County officials say the phishing incident that led to $3.3 million in losses is still under investigation. Investigators are mapping how attackers moved money through multiple banks and intermediaries, including possible money-mule activity.

Officials in Warren County, New York, report that a phishing incident tied to $3.3 million in losses remains an active case, with investigators continuing to trace the movement of funds after the initial compromise. Reporting from GovTech describes a widening paper trail that stretches beyond the first point of entry, including follow-on transactions through banks and other intermediaries. The inquiry focuses on understanding how stolen access was converted into payments and who benefited at each stage. The case highlights a common scam pattern in which attackers use compromised credentials to initiate or authorize payments, often timed to evade detection and take advantage of routine internal processes. As investigators review transaction records and intermediary involvement, officials aim to determine the full sequence of events: how funds were extracted, where they were routed, and whether additional facilitators helped disperse money. The continued work underscores that recovery and enforcement can take significant time when fraud networks rely on layered transfers and mule-like actors to obscure the origin and destination of funds.