A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million.

A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million.

https://6abc.com/chester-upland-school-district-theft-13-million-stolen-from-delaware-county-attorney-jack-stollsteimer-fraud/12169001/

March-21-post-image

Risk to Business: 1.337 = Severe
A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.
 

March-21-post-image

Individual Impact:
No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.