14 DAY TRIAL // Hackers stole almost $1,000,000 from the Save the Children non-governmental organization after compromising the email account of one of its workers as reported by Boston Globe.
The cybercriminals used the email account they infiltrated to generate false invoices and some other documents as part of a business email compromise (BEC) attack to persuade the charity to send nearly $1 million to bank accounts from Japan controlled by the bad actors.
Business email compromise (BEC) are attacks that use social engineering to target a company employee, usually from the Finance department, and convince him into wiring off large sums of money to third-party accounts controlled by the attackers.
As reported by the Globe, the attackers convinced the Save the Children employees who approved the money transfers that the funds were needed to buy solar panels for Pakistan health centers.
Even though the Save the Children Federation, the affiliate of Save the Children International, did not manage to stop the money transfers before they reached the hackers' accounts, the NGO still managed to get back almost all the funds lost in the attack except $112,000.
In a separate attack, $9,210 were sent to the attackers' accounts
The BEC attack was discovered by the Save the Children charity back in May 2017 as detailed by an Internal Revenue Service filing insurance.
"We have improved our security measures to help ensure this does not happen again," the NGO's CFO Stacy Brandom told the Globe. "Fortunately, through insurance, we were ultimately reimbursed for most of the funds."
Although the organization did not detail the measures it took to make sure that such attacks will not happen again, it most probably will use extra employees to sign off any wire transfers and call in to check the account numbers before giving the thumbs up.
"In a separate incident, the charity reported that it was provided with a false bank account in Africa for a vendor whose e-mail had been hacked, causing the charity to mistakenly send $9,210 to the hacker’s account instead of the real one," adds the Globe.