It has been reported that the US arm of the Save the Children Foundation has been targeted by cyber criminals, costing it almost $1 million after an employee fell victim to a phishing attack.
The compromised account was used to impersonate the staff member in order to create several bogus invoices and other documentation related to solar panels for health centres in Pakistan.
The fraudulent documentation was not challenged and the payment of almost $1 million was made to an entity in Japan.
By the time the charity realised that the invoices were fake, it was too late. Fortunately, the majority of costs were recovered through insurance, but the charity still lost $112,000.
Stacy Brandom, chief financial officer of Save the Children, said: “We have improved our security measures to help ensure this does not happen again.”
This is an example of successful business email compromise (BEC). Although BEC is more sophisticated than regular phishing scams, the same lessons apply to avoid falling victim.
Don’t take the risk – educate your employees
Educate your employees to ensure that they can spot the tell-tale signs that something isn’t quite right with an email, phone call, text message or other attack vector.
We provide plenty of free advice on the things you should look out for, but we encourage you to delve deeper to give you and your employees a thorough understanding of the threats facing them.
Our Phishing Staff Awareness E-learning Course helps employees take action against fraudsters, showing staff how to spot phishing scams, how to respond to them and what happens when they fall victim.