Boulder County was able to recover the almost $238,000 it mistakenly sent to a fraudulent account after a phishing scam in September.

In September, hackers acting as a vendor for the county sent a spear phishing email to the county, which resulted in a check for $237,241.18 being “sent incorrectly.”

According to a release from the Boulder County Sheriff’s Office, a detective with the sheriff’s office assigned to the Boulder County Digital Forensics Lab was able to trace the funds to a U.S. bank account.

Investigators were able to freeze the funds in the account, and on Dec. 7, the full amount of the check was returned to Boulder County.

The investigation into the incident remains ongoing.

“Boulder County has a cyber security program which is committed to defending the community’s resources from all kinds of fraud and cyber security threats,” the release read. “Our cyber security incident response was able to collect and provide a full report on the spearfishing incident to the Boulder County Sheriff’s Office, United States Secret Service and JPMorgan Chase & Co’s fraud team so they could carry the investigation forward.

“Boulder County continuously improves its security and fraud prevention safeguards, and this incident has prompted several improvements. County accounting teams have received additional training to identify vendor impersonation fraud and how to request help with verification of suspicious requests. An independent verification step has been added to our vendor payment instruction change process. Finally, our email security tools have been configured to warn users about email domains which are newly registered, and those which are only one or two characters different from our partner organizations.”

The U.S. Secret Service and the Penn Township Police Department in Pennsylvania assisted with the investigation.