Texas School District Loses $2.3 Million to Phishing Scam, BEC
Manor Independent School District (MISD) in Texas is investigating an email phishing attack after a series of seemingly normal school-vendor transactions resulted in the loss of an estimated US$2.3 million. According to the statement posted on Twitter, the district is cooperating with the Manor Police Department and the Federal Bureau of Investigation (FBI), and encouraged the community to share any information related to the incident.
[Read: US$1.7 million stolen from North Carolina County after BEC scammers posed as contractor]
According to local reports, the attack was done across three separate transactions, with the cybercriminals contacting multiple individuals in the district from November to December. Failing to recognize that the bank information was changed, one email recipient responded and followed through with the transactions before recognizing that it was a fraudulent bank account.
[Read: Report: Over 20% of phishing campaigns target Microsoft users]
Schools and local government institutions have become a target of cybercriminals for business email compromise (BEC), with losses amounting to millions after failing to recognize discrepancies in suppliers’ and contractors’ email exchanges. As Trend Micro included in their 2020 Predictions, cybercriminals are expected to maximize profit via BEC and phishing by combining old techniques with new technologies. Here are some best practices that can be followed to avoid or defend against these kinds of attacks:
- Look for suspicious elements in emails and discrepancies from their usual forms of communication. Examples of these include invoices or email inquiries arriving without any context, messages that require urgent action, misspelled words in the subject line, or grammatical errors in the email content.
- Examine embedded URLs in emails before clicking. Hovering the pointer above the link or checking the URL may show a different target address.
- Fund transfers, requests and transactions should always be verified via other channels and with other teams or personnel. Contact the supplier or contractor via a phone call using previously used and verified contact information, or procedures can include having redundant sign-offs with higher officers.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases