Hackers have stolen $1.75 million from the Saint Ambrose Catholic Parish following a successful BEC (Business Email Compromise) attack which was discovered on April 17 after payments related to the church’s Vision 2020 project were not received by a contractor.
Corin Imai, Senior Security Advisor at DomainTools:
“This incident shows that no organisation which represents a significant financial opportunity is safe from cybercriminals. BEC scams are more readily associated with the corporate world, with hackers impersonating members of finance departments or the C-Suite in order to trick subordinates into making fraudulent transfers to a contractor or associated business, but this comes as a welcome reminder that all organisations with significant budgets need to take the appropriate measures before making any transfers. In addition to email filtering systems, those responsible for organisational finances should take the time to cross reference any emails they receive with those from addresses known to be genuine. It’s better to make a legitimate transfer late than a fraudulent one fraudulent promptly.”