Tuesday, January 28, 2020
  • It’s Data Privacy (and Protection) Day!
  • How Idaptive Helped SBA Communications Uncross Its Wires To Achieve More Innovative Wireless Delivery
  • The Quick Guide to LDAP
  • There’s no evidence the Saudis hacked Jeff Bezos’s iPhone
  • Research: More Worries with Wasm

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Careers Data Security Security Awareness Security Bloggers Network 

Home » Cybersecurity » Careers » Save the Children Federation Tricked Into Sending $1 Million to Scammers

Save the Children Federation Tricked Into Sending $1 Million to Scammers

by David Bisson on December 14, 2018

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars.

As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to issue a series of fake invoices and documents designed to trick the charity into sending one million dollars to a fraudulent entity in Japan. The scammers explained that the money would help outfit health centers in Pakistan with solar panels.

The organization didn’t spot the fraud in time to stop the transfer. But with the help of insurance, it was able to recover all but $112,000.

Save the Children Federation suffered what’s known as a business email compromise (BEC) scam. In this type of ruse, a digital attacker seizes control of a business email. They subsequently leverage that access for secondary attacks. In some cases, they issue fraudulent wire transfer requests, but in other instances, they request personally identifiable information (PII) or W-2 forms for employees.

According to the FBI’s Internet Crime Complaint Center (IC3), organizations filed 78,617 reports of BEC incidents in the United States and abroad between October 2013 and May 2018. These attacks cost victims a collective total of $12.5 billion and leveraged various techniques, including gift card fraud.

After discovering the incident in 2017, Save the Children Federation strengthened its computer systems and adopted several security measures designed to prevent BEC scams. It began enforcing a policy where an employee must verify new vendors and bank account instructions via phone, for instance.

Stacy Brandom, chief financial officer of Save the Children Federation, says that these and other changes will help protect the charity going forward. As she told The Boston Globe:

We have improved our security measures to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/save-the-children-federation-tricked-into-sending-1-million-to-scammers/

December 14, 2018December 14, 2018 David Bisson bec, IT Security and Data Protection, Save the Children Federation, scammers, Security Awareness
  • ← Third-Party Breach Affects Credit Card Info of 47,000 Patients
  • Bitcoin Scammers Launch International Bomb Threat Hoax across US, Canada, Australia, New Zealand →
Featured Blog

Enzoic

Automate Password Policy & NIST Password Guidelines

Enzoic

7 Cybersecurity Predictions for 2020

Enzoic

HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST

Enzoic

Cybersecurity Trends to Watch in 2020

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

IT Security: Detection Doesn’t Equal Protection
Low-Intensity Conflict: Cyber, Iran’s Next Move
Assessing the Dangers Caused by Cryptojacking
Survey: SMBs Plan to Embrace AI but Don’t Know the Risks
Detect Cyberattacks Early for Business Resiliency
How to watch the 2020 Australian Open live online
Ryuk Ransomware — Malware of the Month, January 2020
Personal Online Security – Account Management
Embracing Data Privacy Day
DEF CON 27, Voting Village – Kimberly Young McLear PhD ‘Organizational Cybernetics: A Key To Resilience’

Upcoming Webinars

Feb 04

From Dystopia to Opportunity: Stories from the Future of Cybersecurity

February 4 @ 1:00 pm - 2:00 pm
Feb 05

Top Cybersecurity Threats and How SIEM Protects Against Them

February 5 @ 1:00 pm - 2:00 pm
Feb 14

The Role of Security Technologists in Public Policy

February 14 @ 11:00 am - 12:00 pm
Feb 25

New Paradigms for the Next Era of Security

February 25 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Open Source Security: Weighing the Pros and Cons

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Detect Cyberattacks Early for Business Resiliency
Cybersecurity Data Security Incident Response Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Detect Cyberattacks Early for Business Resiliency

January 28, 2020 Ajay Kumar | Yesterday 0
Assessing the Dangers Caused by Cryptojacking
Cybersecurity Industry Spotlight Malware Security Boulevard (Original) 

Assessing the Dangers Caused by Cryptojacking

January 27, 2020 Charlie J. Powers | 1 day ago 0
IT Security: Detection Doesn’t Equal Protection
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) 

IT Security: Detection Doesn’t Equal Protection

January 24, 2020 Bob Noel | 4 days ago 0

Top Stories

Check Point Reveals Zoom Video Hack
Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight 

Check Point Reveals Zoom Video Hack

January 28, 2020 Michael Vizard | Yesterday 0
Cisco Launches IoT Security Platform
Cybersecurity DevOps Featured IoT & ICS Security News Security Boulevard (Original) Spotlight 

Cisco Launches IoT Security Platform

January 28, 2020 Michael Vizard | Yesterday 0
Microsoft Leaks 250M Customer Details in Azure Fat-Finger Faux Pas
Cloud Security Cybersecurity Data Security Featured Identity & Access News Security Boulevard (Original) Spotlight 

Microsoft Leaks 250M Customer Details in Azure Fat-Finger Faux Pas

January 23, 2020 Richi Jennings | Jan 23 0

Security Humor

via , originally via

Change Your Password

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.