Business Email Compromise Strikes Food Bank

types_of_phishing_attacksBusiness Email Compromise is a type of cyber attack where cyber criminals use email to try and steal data or money.  This type of attack is also referred to as phishing or email fraud.  Whatever you call it, this attack affects companies big and small, for profit and non-profits alike.

In this latest example, a Philadelphia food bank, called Philabundance, was targeted by scammers who were able to dupe the employees into giving up a million dollars.  As explained by Graham Cluley in his blog, Philabundance was in the process of completing a construction project of a new community kitchen.  “Posing as a legitimate construction company that was owed money for the building work, scammers sent a bogus invoice to Philabundance requesting payment.” Thinking it was a legitimate request by the construction company, employees wired the $923,533 to the cyber criminals.  The fraud wasn’t discovered until 18 days later when the real construction company demanded payment.

This is a sad story, in that the food bank still needs a million dollars to pay the construction company, as that million is now lost to the criminals.  It is unlikely that they will be able to recover the funds from the criminals.  You may remember a story from earlier this year where Barbara Corcoran’s company was also compromised in a similar manner, but the bank was able to stop the transaction before the funds went to the offshore criminal’s account.  Corcoran was lucky, but in most cases, once the money is gone, it’s gone!

How likely would you be able to spot this type of fraud?  Do you think others in your organization could fall for this tactic?  The fraudulent emails are getting harder to spot, investing in cyber awareness training for your entire organization is a must. As is using some type of anti-spam software to help filter out the fake emails.  Contacting a MSSP like Uzado can help you minimize the damage to your organization caused by these types of attacks.