Save the Children Federation Tricked Into Sending $1 Million to Scammers

by David Bisson on December 14, 2018

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars.

As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to issue a series of fake invoices and documents designed to trick the charity into sending one million dollars to a fraudulent entity in Japan. The scammers explained that the money would help outfit health centers in Pakistan with solar panels.

The organization didn’t spot the fraud in time to stop the transfer. But with the help of insurance, it was able to recover all but $112,000.

Save the Children Federation suffered what’s known as a business email compromise (BEC) scam. In this type of ruse, a digital attacker seizes control of a business email account and then leverages that access for secondary attacks. In some cases, they issue fraudulent wire transfer requests, but in other instances, they request personally identifiable information (PII) or W-2 forms for employees.

According to the FBI’s Internet Crime Complaint Center (IC3), organizations filed 78,617 reports of BEC incidents in the United States and abroad between October 2013 and May 2018. These attacks cost victims a collective total of $12.5 billion and leveraged various techniques, including gift card fraud.

After discovering the incident in 2017, Save the Children Federation strengthened its computer systems and adopted several security measures designed to prevent BEC scams. It began enforcing a policy where an employee must verify new vendors and bank account instructions via phone, for instance.

Stacy Brandom, chief financial officer of Save the Children Federation, says that these and other changes will help protect the charity going forward. As she told The Boston Globe:

We have improved our security measures to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/save-the-children-federation-tricked-into-sending-1-million-to-scammers/
