Threat Watch

$1.75 Million Stolen From Church Email Attack

Attackers stole $1.75 million from the Saint Ambrose Catholic Parish in a successful business email compromise (BEC) attack that was discovered on April 17th. Payments intended for a contractor for renovations were never received. The church, which has about 16,000 parishioners, is the second-largest church in the Diocese of Cleveland. BEC is an easy method for attackers because it does not require much in the way of technical skill. It works by tricking a user, through email communication, into redirecting information or money to the attackers, who pose as the legitimate account owner. BEC attacks were reported to make a staggering $1.2 billion globally. According to industry experts, BEC-style attacks saw an unprecedented 476% growth from 2017 to 2018.

ANALYST NOTES

If a user receives an email requesting that information or money transfers be sent to a new location, the user should contact the intended recipient directly to verify the information. The user should also check the email address against known and trusted sources as a secondary verification. If a fraudulent email is received, it should be deleted and the affected vendor should be notified.