Save the Children Federation Tricked Into Sending $1 Million to Scammers - Security Boulevard
Sunday, September 26, 2021
  • Case Study: Cyber and Physical Security Convergence
  • Facebook Isn’t Just Like Tobacco, It’s Cancer
  • DEF CON 29 Cloud Village – Michael Raggo’s ‘Identifying Toxic Combinations Of Permissions’
  • The Joy of Tech® ‘The Facebook Files’
  • DEF CON 29 Cloud Village – Igal Flegmann’s ‘I Know Who Has Access To My Cloud, Do You’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Careers Data Security Security Awareness Security Bloggers Network 

Home » Cybersecurity » Careers » Save the Children Federation Tricked Into Sending $1 Million to Scammers

Save the Children Federation Tricked Into Sending $1 Million to Scammers

by David Bisson on December 14, 2018

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars.

As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to issue a series of fake invoices and documents designed to trick the charity into sending one million dollars to a fraudulent entity in Japan. The scammers explained that the money would help outfit health centers in Pakistan with solar panels.

The organization didn’t spot the fraud in time to stop the transfer. But with the help of insurance, it was able to recover all but $112,000.

Save the Children Federation suffered what’s known as a business email compromise (BEC) scam. In this type of ruse, a digital attacker seizes control of a business email. They subsequently leverage that access for secondary attacks. In some cases, they issue fraudulent wire transfer requests, but in other instances, they request personally identifiable information (PII) or W-2 forms for employees.

According to the FBI’s Internet Crime Complaint Center (IC3), organizations filed 78,617 reports of BEC incidents in the United States and abroad between October 2013 and May 2018. These attacks cost victims a collective total of $12.5 billion and leveraged various techniques, including gift card fraud.

After discovering the incident in 2017, Save the Children Federation strengthened its computer systems and adopted several security measures designed to prevent BEC scams. It began enforcing a policy where an employee must verify new vendors and bank account instructions via phone, for instance.

Stacy Brandom, chief financial officer of Save the Children Federation, says that these and other changes will help protect the charity going forward. As she told The Boston Globe:

We have improved our security measures to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/save-the-children-federation-tricked-into-sending-1-million-to-scammers/

December 14, 2018December 14, 2018 David Bisson bec, IT Security and Data Protection, Save the Children Federation, scammers, Security Awareness
  • ← Third-Party Breach Affects Credit Card Info of 47,000 Patients
  • Bitcoin Scammers Launch International Bomb Threat Hoax across US, Canada, Australia, New Zealand →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

The Future of Industrial Cybersecurity
Breached Alaska Gov Systems Still Down—After 5 MONTHS
Best Practices for ICS and OT Security
‘Russian’ Ransom Gang Targets Big Agri Co-op—Food Shortages Ahoy?
Microsoft Finds Phishing Op Behind Enterprise Campaigns
DEF CON 29 Cloud Village – Rami McCarthy’s ‘Cloud Security Orienteering’
New Jupyter Evasive Delivery through MSI Installer
Cyber Attack Strikes US Critical Infrastructure
The Secret Behind Least Privilege: CIEM
Building a secure application in five steps

Upcoming Webinars

Wed 29

5 Don’ts for Supporting Developers with Cloud Resources

September 29 @ 11:00 am - 12:00 pm
Thu 30

CompOps: How Compliance Operations Help Dev Orgs Conquer Increasing Regulatory Hurdles

September 30 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

The Future of Industrial Cybersecurity
Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

The Future of Industrial Cybersecurity

September 22, 2021 Kirill Naboyshchikov | 4 days ago 0
State of DevOps 2021: Benefits of a Secure Software Supply Chain
Application Security Cloud Security Cybersecurity Featured Industry Spotlight Security Awareness Security Boulevard (Original) 

State of DevOps 2021: Benefits of a Secure Software Supply Chain

September 21, 2021 Dustin Smith | 4 days ago 0
Protecting Data From Insider Threats
Cloud Security Cybersecurity Data Security Identity & Access Industry Spotlight Security Boulevard (Original) Vulnerabilities 

Protecting Data From Insider Threats

September 20, 2021 Surya Varanasi | Sep 20 0

Top Stories

‘Russian’ Ransom Gang Targets Big Agri Co-op—Food Shortages Ahoy?
Analytics & Intelligence Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response IoT & ICS Security Malware Network Security News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

‘Russian’ Ransom Gang Targets Big Agri Co-op—Food Shortages Ahoy?

September 23, 2021 Richi Jennings | 2 days ago 0
Breached Alaska Gov Systems Still Down—After 5 MONTHS
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Breached Alaska Gov Systems Still Down—After 5 MONTHS

September 21, 2021 Richi Jennings | 4 days ago 0
OMIGOD! Azure Vulnerabilities Are Being Exploited
Application Security Cloud Security Cybersecurity Featured Malware News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

OMIGOD! Azure Vulnerabilities Are Being Exploited

September 17, 2021 Teri Robinson | Sep 17 0

Security Humor

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®!

The Joy of Tech® ‘The Facebook Files’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.