Valencia County scammed out of $2 million

A scammer played the long con, emailing the Valencia County finance director for nearly eight months before she sent a little more than $2.02 million in taxpayer dollars to someone posing as a county contractor.

In an interview Friday, March 13, following a press release posted on the county’s website on Thursday, March 12, Valencia County Manager Jhonathan Aragon said the county received two emails in April 2025 — one marked as spam but the other was forwarded to the county’s finance department.

The email came from someone posing as Andy Auger, chief finance officer for Bradbury Stamm, the contractor building the county hospital.

The faux CFO wanted to arrange for payments to the company be made via Automated Clearing House, an electronic transfer system that processes transactions between financial institutions. Banks commonly use an ACH network to process electronic payments, such as when a customer sets up and uses a bill payment feature with their bank to pay monthly bills.

“A finance department employee was in communication with this fraudster for the better part of 2025,” Aragon said.

When the scammer made contact with the finance employee, the county wasn’t using an ACH system, the manager said, but it was an option under discussion.

“We contract with a lot of smaller, local businesses and, as a matter of efficiency, we like to get them paid sooner rather than later,” he said. “Sometimes, for these smaller, mom-and-pop businesses net 30 terms (meaning the full balance owed is due within 30 days of invoicing) don’t work well.”

The county’s ACH system was set up in September 2025 and when the real invoice from Bradbury Stamm came in December, the new electronic system was used to pay it, with the funds going to the account set up by the scammer.

Up through November 2025, Aragon said Bradbury was paid by a physical check, like the majority of the county’s other contractors and vendors.

“The online payment was sent in January,” the manager said. “When Bradbury told us they hadn’t received the payment and our finance director said it was paid through ACH, we knew there was a problem.”

According to documents released by Valencia County on Monday, March 16, the first phishing email came to the county on April 1, 2025, sent to Valencia County purchasing agent Rustin Porter, who forwarded the inquiry about ACH set up to Michelle Hueston-Green, the county’s now former finance director. Hueston-Green resigned from the position on Friday, March 13, the manager said.

The email purportedly came from Auger. According to the company’s website, Auger is the CFO and has been with Bradbury for more than 25 years.

“Please could you be of any assistance to whom to contact in regard to the ACH/EFT Forms?,” the email reads.

The email address the scammer used is similar to the actual email convention used by the company, but misspells the company’s name, using two Rs — bradburrystamm — and the message came from a “.co” domain, not a “.com” domain like the real company. In early July, the domain of the phishing email switches to “.com” but the double R remains.

The person pretending to be Auger tells Hueston-Green the company wants to change to “Wire Payment in lieu of paper checks...”

Over the months of communications between Hueston-Green and the scammer, the “CFO” changes the bank information for the ACH payment twice after the original account is set up by the finance director — going from a BMO bank account to Penfed Credit Union to a third account with Chase Bank in late December 2025.

On Friday, Jan. 2, “Andy” confirms the receipt of an ACH payment to the Chase account for $2,021,099.19 from Valencia County. By Jan. 14, Bradbury Stamm had reached out to the county asking about payment of its December invoice.

Aragon said an internal investigation into everyone involved in the process was conducted by Albuquerque attorney Jonlyn Martinez.

“There was an extremely bad mistake made, but it wasn’t intentional or malicious,” the county manager said. “We have recommendations from Ms. Martinez in relation to what we need to do in terms of that employee. I really can’t say more, since it is a personnel issue. I can say there are no criminal charges.”

The county commissioners were told about the fraud immediately, Aragon said, as well as the county’s bank and the New Mexico State Auditor’s Office.

“There are very capable, appropriate authorities involved with this investigation,” he said. “The reasoning for the delay in releasing this information is we were asked to hold off because there’s the very good potential of recovering this money. Obviously, that’s not 100 percent, but the indication is there’s a good chance.”

Aragon said the agency investigating the fraud has directed the county to not disclose its name at this time, so as to not jeopardize the investigation and possibility of recovering the $2 million.

“The agency investigating the criminal aspects is purely investigating the fraudster,” he said. “They don’t feel this was malicious on the part of the employee.”

The manager said communication between the scammer and Hueston-Green was confined to email; no one with the county called Bradbury to verify it wanted to transition to ACH payments rather than physical checks.

Hueston-Green was able to set up a payment account via ACH independently, Aragon said, and the investigation by Martinez recommended if the county uses an ACH system in the future, they implement processes to double check the account is set up correctly and properly authorized.

“There’s not an appetite to continue with ACH, obviously,” Aragon said. “We had about 15 accounts set up on it and, under the direction of the investigators continued with business as usual so they could make sure we weren’t being monitored through our system, that this person didn’t hack into our system. They didn’t find that to be the case.

“Hindsight is always 20/20. Looking back, it’s very obvious. As the investigation was happening, in talking to people, I found out this happens a lot. ACH fraud, check fraud. People and businesses don’t think it will happen to them, until it does. It’s surprisingly common.”

The money sent to the scammer came out of an account which held the legislative appropriations and ARPA funds set aside for the construction of the hospital, Aragon said, emphasizing the account with the mil levy funds for operation for the hospital was untouched.

“The project is 100 percent still on track. We will finish the hospital. We are going to have to kick in some funding from the general fund,” he said. “We do ask for grace. Nobody was maliciously trying to do this.

“We are a large organization and a lot of payments run through here. This was an extremely unfortunate event. I don’t wish this on anybody; it’s very much something that could happen to anybody.”

Aragon said the county had some “pretty robust cybersecurity training, but it’s not just a training you go through the motions and get your certificate at the end. You have to stay very diligent on remembering those trainings. We’ve obviously put out more cybersecurity trainings.”

In a document containing “Frequently Asked Questions” released by the county about the phishing scam, they are continuing to review the findings from Martinez, and are “ramping up internal phishing tests to ensure employees are aware of what potential fraudulent emails look like and can flag appropriately.”

The county’s current insurance policy does cover this kind of fraud, according to the FAQ, but the coverage is “very limited.” Aragon said he is in communication with the insurance company to determine how to move forward with a claim. The document notes the county has a health general fund that could ultimately be used to cover the missing funds for the hospital’s construction.