Sunday, October 17, 2021

Philly Food Bank Loses $1m in BEC Scam

Must Read

Backdoor accounts found in More than 100,000 Zyxel firewalls, VPN gateways

Dutch cybersecurity researchers have discovered a backdoor account in 100,000 networking devices manufactured by Zyxel, which may grant hackers...

Hacker is selling passwords of the email accounts of hundreds of C-level executives

Access is offered for $100 to $1500 per account, based on the business size and exec role.A Threat Actor...

Finnish parliament says some lawmakers’ Mails hacked

Parliament stated it had been co-operating together with the NBI from the investigation into the assault. "The cyberattack on...

A Philadelphia food bank was scammed from almost $1m after a small business email compromise (BEC) attack, it’s emerged.

Philabundance is the region’s biggest hunger-relief company and receives tens of thousands of dollars in contributions each year.

Earlier this year, it was in the process of completing a new $12m community kitchen, which is when it was sent an invoice by what managers thought was a construction company supplier.

However, the email was spoofed by an attacker as well as the 923,533 USD was lost, based on The Philadelphia Inquirer. To make things worse, the company then needed to locate the same amount to pay the valid supplier.

It seems as though the non-profit was struck with a BEC scam, where attackers compromise an employee’s email accounts and silently monitor messages sent back and forth.

Then they step in to send a spoofed bill from a legitimate provider in the time you were anticipated to come in, to not raise an alert at the victim company. Particular emails have been deleted to conceal their tracks.

It added that in some instances, desktop and web clients aren’t synced with IT administrators, meaning safety groups can not see when distant workers, or acquaintances, create rule changes.

Colin Bastable, CEO of Lucy Security, contended that policies for provider payments must be upgraded to restrict the number of people authorized to create them and also to demand additional authorizations from senior managers and also the provider itself for big amounts.

“The Philabundance attack assesses all of the boxes of an effective BEC scam: comprehensive research to recognize the goal, social engineering exploits to permeate the community, production of a bogus statement from a known email address along with also the request to wire funds into a phony bank account,” he explained.

The ideal way to help prevent these kinds of strikes is to offer routine security training for workers, and establish a particular company and monetary policies for business payments.”

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This