School District Recovers $3.7 Million Stolen by a Hacker in a BEC Scam.

Posted by Geraldine Hunt on Fri, May 3rd, 2019

Earlier this month, the FBI Internet Crime Complaint Center (IC3) released its annual Internet Crime Report, which highlights the most common cyber attack trends and the extent of financial losses of internet crime. The report highlighted the seriousness of Business Email Compromise (BEC) attacks, which resulted in losses of more than $1.2 billion in 2018 – More than twice the losses to BEC attacks that were reported in 2017.

The Rate of BEC Attacks Increase

2019 is likely to see losses increase further as the rate of BEC attacks increase. Last week,  Scott County Schools in Kentucky announced that it was the victim of a major BEC attack that resulted in a loss of $3.7 million. This was a typical invoice scam where the school was notified that an invoice was outstanding, the school duly paid the fake invoice. Once the fact this was a wire fraud incident, the FBI was contacted, and attempts were made to recover the funds. Initially, it was it is unclear whether it will be possible to recover the money. Just today it was confirmed that the school district in Kentucky recovered the $3.7 million stolen by the hacker in this cyber wire fraud scam.

“Scott County Schools is pleased to announce the full and complete recovery of all funds feared lost last week due to wire fraud,” Superintendent Kevin Hub said in a statement on Tuesday, April 30, the Lexington (KY) Herald Leader reported. “The full amount of $3,704,338.76 has been returned to Scott County Schools. With the recovery of the money, we will not need to make an insurance claim.”

Some Recent Examples of Similar Major Losses to BEC Attacks: :

• Galloway Township Public Schools, a New Jersey public school district, lost $200,000 in an incident involving a wire transfer scam.
• Another major BEC scam occurred at  St. Ambrose Catholic Parish in Brunswick, Ohio. The church was a victim of a BEC attack that resulted in the fraudulent transfer of $1.75 million from the Church’s renovation fund.

Many other million-dollar and multi-million-dollar losses have been reported over the past 12 months. The scams are easier to pull off than many other crimes and the potential profits are considerably higher.  The scams are often conducted via email and usually include a request for a wire transfer.  The scams require some research to identify a company to impersonate, but in many cases that is not particularly difficult.

The scams are even more convincing if an email account is compromised. Then the email will come from a genuine account. Gaining access to an email account requires a carefully crafted phishing email that directs the recipient to a phishing webpage that collects login credentials – such as Office 365 credentials. A single phishing email could start the scam in motion.

These BEC attacks show how critical it is for businesses to have an advanced anti-spam solution in place to prevent the initial phishing attack from succeeding and to implement multi-factor authentication for email accounts to make it harder for stolen credentials to be used to gain access to corporate email accounts.

SpamTitan Cloud is an advanced, cloud-based email security solution that blocks spam, phishing attempts, BEC scams and malicious email threats from your business. Make life easier for your IT department and safer for all the staff in your organization. See immediate results for spam blocking without tying up IT resources with SpamTitan Cloud.