In an article last week, we highlighted the case of a Dutch firm that lost €19m ($21m) to a Business Email Compromise (BEC) scam to push forward the idea of having strong security measures for preventing BEC Scams.
Today, we came across the news of a (rather old) BEC incident – an Indiana school district lost more than $120,000 to BEC scammers. Criminals hacked the email account belonging to an officer authorized to order transfers, and sent fraudulent payment requests. The bank honored the payment request and made the wire-transfer of $120,882.83.
Last month, a judge dismissed the district’s lawsuit seeking to reclaim the amount from the bank.
As Stu Sjouwerman points out, this case differs from normal BEC scams– “a third party was conned, as opposed to a victim organization.”
Although unusual, this case does underline the value of having:
- Strong credentials across the organization,
- A sound password policy, and
- Manual controls and multi-person authorization.
Suggested reading: 7 Security measures against BEC you cannot neglect