Surfside Beach tried to pay a contractor for completed utility work. The contractor says the money never arrived.
The South Carolina town is now waiting on insurance, banking, forensic, and law enforcement findings after $545,000 meant for Wildcat Construction was sent to a fraudulent account, according to WMBF.
Mayor Robert Krouse said at Monday night’s council meeting that officials are still trying to determine whether responsibility falls on Surfside Beach, Wildcat Construction, or some other point in the payment chain.
The South Carolina Law Enforcement Division is investigating allegations of financial fraud involving the contractor payment. WPDE reported that the FBI said it was aware of the incident but not participating in the investigation.
The Payment Was Supposed To Go To Wildcat Construction
Wildcat Construction had completed utility work for Surfside Beach, and the town attempted to pay the company.
According to WMBF, Surfside Beach’s March 2026 payable check register listed an ACH payment to Wildcat Construction on March 13.
Wildcat later said it had not received the money. A company spokesperson told WMBF that Wildcat had never used ACH payments with the town and had only used checks, which the company said had been confirmed by email.
The contractor says the town sent the money through a payment method Wildcat had not used with Surfside Beach, while town officials have said they are still waiting for investigators and insurers to determine who is responsible.
The Email Chain Had Warning Signs
After the payment issue surfaced, Wildcat said Surfside Beach sent over the email thread containing the payment confirmation.
The company told WMBF it noticed multiple red flags in the chain. One involved an email address where “Wildcat” appeared with an extra “i.” Another involved documents that the company said included a forged signature taken from a prior notarized document.
Wildcat said the money was sent to a spoofing account claiming to be the contractor.
The town has not released a final investigative finding, and no suspect has been publicly identified. The confirmed issue is narrower: a real contractor invoice was supposed to be paid, but the money went to an account the contractor says was not its account.
The Town Says Its Own System Was Not Breached
Surfside Beach has publicly acknowledged a potential cybersecurity incident involving its email environment, but officials have also said no final conclusion has been released while investigations continue.
At the latest council meeting, Krouse said he does not believe the town itself was breached.
“As far as I know, we have not been breached at all, so yeah, we don’t have any concerns our system looks good,” Krouse said, according to WPDE.
WMBF previously reported that law enforcement personnel, insurance investigators, and town IT professionals had concluded there was no breach of the town’s IT system, but that the contractor’s system or communications between the parties may have been compromised or intercepted by another method.
Insurance May Cover Only Part Of The Loss
Krouse said the insurance and banking determinations could come within weeks or months, while the law enforcement investigation could take much longer.
If the town is found liable, Krouse said Surfside Beach will have to pay. He also said the town would try to get its insurance provider to cover part of the loss.
“I believe it totals up to be $225,000 between two policies, but again, we’ll have to see what the determinations are,” Krouse told WMBF.
That could leave a major gap if the full $545,000 is not recovered or covered.
Two Finance Employees Were Fired
WMBF reported that two Surfside Beach finance department employees were fired last week. The former employees have said they had no knowledge of the transfer or who would be responsible for it.
Town leaders did not comment to WMBF on personnel matters. The report said the firings came while the state forensic investigation into the scam continued and no further findings had been released.
Councilman Rick Lawhorn said he wants the town to provide as much information as possible, but said there are limits while insurance, banking, and criminal investigations continue.
The Scam Fits A Larger Vendor Payment Pattern
The FBI describes business email compromise as a scheme that targets businesses and people who perform legitimate transfer-of-funds requests.
In vendor-payment scams, criminals may spoof a contractor, alter banking instructions, intercept emails, or use a lookalike address to redirect money meant for a real bill. The dangerous part is that much of the payment may look normal. The work may be completed, the amount may match the invoice, and the vendor may be real. The fraud hides in the payment instructions.
The FBI advises businesses to examine email addresses, URLs, and spelling carefully, and to verify payment and purchase requests in person when possible or by calling the person directly. It also says any change in account number or payment procedure should be verified with the person making the request.
A Change From Check To ACH Should Trigger A Callback
The Surfside Beach dispute shows why a payment-method change can be as important as the invoice itself.
If a contractor normally gets paid by check and a message suddenly asks for ACH, that change should be confirmed through a phone number already on file, not through the number, email, or document attached to the new request.
Small towns, schools, nonprofits, and businesses can also require two-person approval for new bank details, keep vendor-payment forms separate from email threads, and pause payments when a company name, domain, signature, bank account, or payment method changes unexpectedly.
The FBI’s Internet Crime Complaint Center says organizations that discover unauthorized payments should contact their financial institution immediately to request a recall of the funds. Attempted or actual fraudulent transfers can also be reported to IC3.gov or a local FBI field office.
Surfside Beach said it has added forms requiring contractors to provide exact payment information and is exploring cybersecurity seminars for staff, according to WMBF.
The public is still waiting for final answers on who absorbs the $545,000 loss and whether any of the money can be recovered.