Cyber criminals Steal $1.75 Million From An Ohio Church

Saint Ambrose Catholic Parish, a Cleveland-area church recently fell victim to a cyber attack. Even though no ransomware was involved, the incident proved to be a very costly one. The criminal(s) behind the attack stole $1.75 million from the church.

Saint Ambrose Catholic Parish is in the midst of a major renovation. The attackers used the opportunity to scam the church. This renovation process involves a lot of multi-party communication and the transfer of large sums of money. In the case of St. Ambrose, attackers seized on the back-and-forth between the church and its contractors.

Cyber criminals sent emails to the church in which they impersonated employees from the construction company that is doing their renovations. An email provided "updated instructions" for future wire transfer payments related to the renovation project. Someone unwittingly took the bait and funds earmarked for the construction company were wired to accounts that were under the hackers' control instead.

When the February and March installments didn't arrive, an employee of the company contacted the Parish to find out why it had fallen behind on its payments. St. Ambrose had always been on time before, so the alarm bells were sounded immediately.

The FBI has been called in to investigate and the church has filed an insurance claim that it hopes will cover the seven-figure loss.

Security professionals refer to this type of attack as a business email compromise or BEC. They've become increasingly common in recent years in no small part because of the potential for criminals to defraud victims of very large sums of money.

The attackers typically send phishing emails to identify potential victims. While big scores are enticing to these criminals, easy money is, too. It's quite common for a BEC scam to target less tech-savy individuals

Last year the FBI pegged total global losses resulting from BECs at around $12 billion. That figure had risen more than 130% over the previous year and a half.

Unfortunately we see this happen all too often. Even with the best security tools in place, this kind of attack preys on human error and vulnerabilities. The best way to avoid becoming a victim of these kind of attacks are to educate yourself and your employees. To learn 5 easy ways to spot a phishing email, read our article. We offer phishing testing and training to our clients. For more information or a quote, contact us today.