Friday, July 23, 2021

Philly Food Bank Loses $1m in BEC Scam

Must Read

Philly Food Bank Loses $1m in BEC Scam

A Philadelphia food bank was scammed from almost $1m after a small business email compromise (BEC) attack, it's emerged. Philabundance...

Suspected Attackers Steal FireEye Red Team Tools

Security giant FireEye has been on the receiving end of a complex, publication attack from state actors searching for...

The third malware Strain detected in SolarWinds supply chain attack

Security investigators have found another type of malware used by Russian attackers to loosen SolarWinds. CrowdStrike, one of two security...

A Philadelphia food bank was scammed from almost $1m after a small business email compromise (BEC) attack, it’s emerged.

Philabundance is the region’s biggest hunger-relief company and receives tens of thousands of dollars in contributions each year.

Earlier this year, it was in the process of completing a new $12m community kitchen, which is when it was sent an invoice by what managers thought was a construction company supplier.

However, the email was spoofed by an attacker as well as the 923,533 USD was lost, based on The Philadelphia Inquirer. To make things worse, the company then needed to locate the same amount to pay the valid supplier.

It seems as though the non-profit was struck with a BEC scam, where attackers compromise an employee’s email accounts and silently monitor messages sent back and forth.

Then they step in to send a spoofed bill from a legitimate provider in the time you were anticipated to come in, to not raise an alert at the victim company. Particular emails have been deleted to conceal their tracks.

It added that in some instances, desktop and web clients aren’t synced with IT administrators, meaning safety groups can not see when distant workers, or acquaintances, create rule changes.

Colin Bastable, CEO of Lucy Security, contended that policies for provider payments must be upgraded to restrict the number of people authorized to create them and also to demand additional authorizations from senior managers and also the provider itself for big amounts.

“The Philabundance attack assesses all of the boxes of an effective BEC scam: comprehensive research to recognize the goal, social engineering exploits to permeate the community, production of a bogus statement from a known email address along with also the request to wire funds into a phony bank account,” he explained.

The ideal way to help prevent these kinds of strikes is to offer routine security training for workers, and establish a particular company and monetary policies for business payments.”

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This