Malicious actors used a Business Email Compromise (BEC) scam to prey upon a Philadelphia non-profit food bank.

According to The Philadelphia Inquirer, the scam occurred back in July when the hunger relief organization Philabundance was nearing the completion of its $12 million Philabundance Community Kitchen.

DevOps Experience

Nefarious individuals impersonated the construction company responsible for building the Philabundance Community Kitchen and asked that the food bank fulfill an invoice for $923,533.

Philabundance’s finance office paid the invoice on July 6. Several weeks later, the construction company asked where its money was. That’s when the non-profit organization realized it had fallen victim to scammers and deposited its money into an account under the control of fraudulent actors.

The Philadelphia Inquirer wrote that Philabundance had used reserve funds to complete the construction of its community kitchen. It also noted that the organization could recover some of its losses from having filed an insurance claim for the ruse.

The team at Philabundance confirmed the incident and wrote that the scam had not affected donors’ information:

This fraud was a one-time event and did not involve the day-to-day finances of our organization or any personal information of staff. Nor did it did affect our online donation system. Our donors can trust that their donations through that online platform have reached us and will continue to reach us, and will be used to feed the hundreds of thousands of people in our area who do not get enough to eat on a daily basis.

The food bank went on to state that it had invested in upgrades to its IT security systems and financial controls designed to defend against these types of attacks. Philabundance didn’t specify what these measures were. But according to The Philadelphia Inquirer, the non-profit organization had hired a security expert to recommend (Read more...)