Save the Children Federation Tricked Into Sending $1 Million to Scammers
The State of Security
Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars.
As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to issue a series of fake invoices and documents designed to trick the charity into sending one million dollars to a fraudulent entity in Japan. The scammers explained that the money would help outfit health centers in Pakistan with solar panels.
The organization didn’t spot the fraud in time to stop the transfer. But with the help of insurance, it was able to recover all but $112,000.
Save the Children Federation suffered what’s known as a business email compromise (BEC) scam. In this type of ruse, a digital attacker seizes control of a business email. They subsequently leverage that access for secondary attacks. In some cases, they issue fraudulent wire transfer requests, but in other instances, they request personally identifiable information (PII) or W-2 forms for employees.