Save the Children Foundation has revealed that they were targeted by scammers last year through a sophisticated email scam, which lead to a loss of around $1 million.
The non-profit Charity which supports children worldwide, said that fraudsters have managed to gain access to an employee’s email account in order to pretend as the staff member in question.
After gaining access to the account the cyber criminals created numerous false invoices and documents claiming the need to purchase solar panels for health centers in Pakistan.
The Connecticut-based charity organization believed the trick which was done in May 2017, and approved the transfer of around $1 million to an entity in Japan which was used as a front to gather the cash.
When the foundation came to know about the fake invoices, it was too late and the cash was already gone.
Save the Children had insurance that covers close to all of the lost funds, and in total the charity lost only $112,000.
Stacy Brandom, the chief financial officer of Save the Children stated that they have improved their security measures to make sure that incidents like this does not happen again and that they were fortunate enough to reimbursed most of the funds.
The scammers have succeeded in targeting the foundation by following all the rules of Business Email Compromise (BEC) attacks almost to the letter. It requires steps like compromising a business email account using the brute-force hacking or social engineering, then pose to be a legitimate staff member, and tempt another person to approve false invoices or fraudulent payments.
Scams of these types are now common and they are difficult to track down too as these criminals may be located in any country