Advert.

Do NOT tell your scammer he is posted here, or report their accounts as it puts others at risk!

US Church Hit in $1.8m BEC Scam

Did you read about scams in the papers, or see it on TV? Let us know.

US Church Hit in $1.8m BEC Scam

Unread postby SlapHappy » Wed May 01, 2019 1:52 pm

https://www.infosecurity-magazine.com/n ... ec-scam-1/

1 MAY 2019 NEWS
US Church Hit in $1.8m BEC Scam
Phil Muncaster
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
Email PhilFollow @philmuncaster


A US church has been hit by a major Business Email Compromise (BEC) attack, losing almost $1.8m after fraudsters tricked staff into changing a contractor’s payment details.

Saint Ambrose Catholic Parish — based in Brunswick, Ohio — is currently renovating its church in a Vision 2020 project. However, BEC scammers recently targeted the large monthly payments it makes to a local construction firm.

“On Wednesday, Marous Brothers called inquiring as to why we had not paid our monthly payment on the project for the past two months totalling approximately $1,750,000. This was shocking news to us, as we have been very prompt on our payments every month and have received all the appropriate confirmations from the bank that the wire transfers of money to Marous were executed/confirmed,” explained father Bob Stec.

“Upon a deeper investigation by the FBI, we found that our email system was hacked and the perpetrators were able to deceive us into believing Marous Brothers had changed their bank and wiring instructions. The result is that our payments were sent to a fraudulent bank account and the money was then swept out by the perpetrators before anyone knew what had happened. Needless to say, this was very distressing information.”

Hackers are said to have compromised two email accounts to “deceive the parish and perpetrate the fraud.” It’s unclear how, although phishing is the most likely tactic.

“After reviewing our systems, to the best of our knowledge, only the email system was breached/compromised,” said Stec. “Our parish database is stored in a secure cloud-based system. This allows for many layers of security/protection of our parish database information.”

The church has submitted an urgent insurance claim in order to recoup the funds and pay its construction company, although there’s no guarantee that the policy will pay out.

The news comes a few days after an annual FBI report revealed that BEC attacks caused more losses than any other cyber-threat reported to its Internet Crime Complaint Center in 2018: a total of nearly $1.3bn.

Corin Imai, senior security advisor at DomainTools, argued the Saint Ambrose case highlights that no organization is safe from such scams.

“In addition to email filtering systems, those responsible for organizational finances should take the time to cross reference any emails they receive with those from addresses known to be genuine,” she added. “It’s better to make a legitimate transfer late than a fraudulent one promptly.”
If anyone asks you for money on the Internet they are always a scammer, 100% of the time.
Blackmail Scammed? Go here: https://www.scamsurvivors.com/blackmail/#/
FAQ viewtopic.php?f=3&t=19
Victim of a scam? Go here: https://scamsurvivors.com/forum/viewtop ... =3&t=26504
User avatar
SlapHappy
Retired admin/co creator
 
Posts: 44968
Joined: Tue Apr 17, 2012 5:18 am
Location: Just a face in a magazine, watching you post your scammer's details.

Return to Media reports.

Who is online

Users browsing this forum: No registered users and 25 guests