Thought Leadership
Fraudsters posed as a trustworthy supplier and scammed millions with a fake invoice. The investigating authorities were at least able to recover part of the money.
A phishing attack has cost the Broken Bow Public Schools district in the US state of Nebraska 1.8 million dollars in damages. As reported by the local media portal ruralradio.com (via Cybernews), those responsible fell for a fake email relating to an ongoing construction project.
Targeted attack with high damage potential
According to the school district, the incident involved a “fraudulent ACH transfer” in the context of a real-world construction project. The attackers had created a fake invoice that appeared to be from a “trusted vendor.”
The approach indicates that the cybercriminals invested considerable effort in preparing their attack. Not only did they have to be informed about the ongoing construction project, but they also had to know the parties involved and the school district employees responsible for payments.
Partial damage limitation by authorities
After the fraud was discovered, the school district immediately contacted several US authorities, including the FBI, the Nebraska State Patrol and the US Secret Service. Thanks to the rapid response of the investigating authorities, 700,000 dollars of the stolen funds were recovered, according to the press release.
