The Oklahoma police pension fund was the victim of an email phishing attack to the tune of $4.2 million dollars. A pension fund employee had their email breached through a successful phishing attack and was able to convince a fund manager to wire money to the attacker’s account. The pension system directors immediately notified the FBI and an investigation ensued. The pension system supports over 1,500 retired retirees with over $1 billion dollars in total assets. A notice was posted on the Oklahoma Law Enforcement Retirement System (OLERS) that stated that law enforcement FBI is handling the investigation and that no member would be affected. OLERS also stated that they fully expect the majority of funds will be recovered. OLERS will also be increasing education opportunities for their employees in the area of cybersecurity best practices.
Employers of large and small businesses should provide ongoing training for their employees in best cybersecurity practices and to adopt a zero-trust culture when it comes to email usage. Any email that is received should be treated with suspicion until it has been verified.