Tuesday, February 19, 2019
  • Why You Should Be Concerned About Cybersecurity Now More Than Ever Before
  • Microsoft® and Zero Trust Security
  • XKCD, Error Bars
  • Shmoo Con 2019, Michael Portera’s ‘Analyzing Shodan Images With Optical Character Recognition’
  • FreeRADIUS as a Service

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Careers Data Security Security Awareness Security Bloggers Network 

Home » Cybersecurity » Careers » Save the Children Federation Tricked Into Sending $1 Million to Scammers

Save the Children Federation Tricked Into Sending $1 Million to Scammers

by David Bisson on December 14, 2018

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars.

As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to issue a series of fake invoices and documents designed to trick the charity into sending one million dollars to a fraudulent entity in Japan. The scammers explained that the money would help outfit health centers in Pakistan with solar panels.

The organization didn’t spot the fraud in time to stop the transfer. But with the help of insurance, it was able to recover all but $112,000.

Save the Children Federation suffered what’s known as a business email compromise (BEC) scam. In this type of ruse, a digital attacker seizes control of a business email. They subsequently leverage that access for secondary attacks. In some cases, they issue fraudulent wire transfer requests, but in other instances, they request personally identifiable information (PII) or W-2 forms for employees.

According to the FBI’s Internet Crime Complaint Center (IC3), organizations filed 78,617 reports of BEC incidents in the United States and abroad between October 2013 and May 2018. These attacks cost victims a collective total of $12.5 billion and leveraged various techniques, including gift card fraud.

After discovering the incident in 2017, Save the Children Federation strengthened its computer systems and adopted several security measures designed to prevent BEC scams. It began enforcing a policy where an employee must verify new vendors and bank account instructions via phone, for instance.

Stacy Brandom, chief financial officer of Save the Children Federation, says that these and other changes will help protect the charity going forward. As she told The Boston Globe:

We have improved our security measures to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/save-the-children-federation-tricked-into-sending-1-million-to-scammers/

December 14, 2018December 14, 2018 David Bisson bec, IT Security and Data Protection, Save the Children Federation, scammers, Security Awareness
  • ← Third-Party Breach Affects Credit Card Info of 47,000 Patients
  • Bitcoin Scammers Launch International Bomb Threat Hoax across US, Canada, Australia, New Zealand →
Featured Blog

Fortinet All Blogs

Fortinet Beats the Competition with its Robust Secure SD-WAN Solution

Fortinet All Blogs

What to Expect at our Accelerate 2019 Conference

Fortinet All Blogs

Turnkey Fortinet Solutions Part of New Marketplace for Oracle Cloud Infrastructure

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

The Cryptojacking Boom May Be Over, but the Threat Remains
New Shlayer Malware Variant Targeting Macs
Dispelling the ‘Security as Bad Guy’ Myth
DevOps Chat: Shifting DevSec Left with ShiftLeft – RSAC Edition
Consumer Privacy in Question Over Ring Video Files
Cybersecurity Science Project or Immediate Value: Which Do You Prefer?
How Hackable Is Your Dating App?
Evaluating Endpoint Security Products: 15 Dumb Mistakes to Avoid
Fortinet Beats the Competition with its Robust Secure SD-WAN Solution
New software standards aim to slow rampant credit card theft

Upcoming Webinars

Tue 26

Reducing Risk of Credential Compromise at Netflix

February 26 @ 1:00 pm - 2:00 pm
Apr 01

Container Security: Securing from Within

April 1 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Open Source Security Management in the Age of DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Cybersecurity Issues in Mobile App Development
Cybersecurity Industry Spotlight Mobile Security Security Boulevard (Original) 

Cybersecurity Issues in Mobile App Development

February 18, 2019 Ritesh Patil | Yesterday 0
What is Data in Vicinity?
Cybersecurity Endpoint Industry Spotlight Security Boulevard (Original) 

What is Data in Vicinity?

February 15, 2019 Mike Fong | 3 days ago 0
The Cryptojacking Boom May Be Over, but the Threat Remains
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

The Cryptojacking Boom May Be Over, but the Threat Remains

February 14, 2019 Jeremy Moskowitz | 4 days ago 0

Top Stories

WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in
Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Vulnerabilities 

WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in

February 15, 2019 Lucian Constantin | 3 days ago 0
New Shlayer Malware Variant Targeting Macs
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

New Shlayer Malware Variant Targeting Macs

February 14, 2019 Lucian Constantin | 4 days ago 0
IBM Warns Retailers of Trojan Threat
Application Security Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

IBM Warns Retailers of Trojan Threat

February 12, 2019 Michael Vizard | Feb 12 0

Security Humor

via  the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, Error Bars

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.