Save the Children Foundation tricked into transferring around $1 Million to Scammers

Hackers scammed Save the Children Foundation out of around $1 million in a BEC (Business Email Compromise) scam.

Save the Children, a well-known non-profit group based in U.S., supports children worldwide and offers charity services such as fundraising and sponsorships. As per the company's income tax returns of 2017, obtained by Boston Globe and was reported in early December this year, in April 2017 an unidentified hacker posing as an employee of Save the Children tricked the firm to transfer $997,400 to the scammers in Japan.

"This crime was committed and investigated in 2017," a spokesperson told to Threatpost on Friday (i.e. on December 14, 2018).

This scam stemmed from the hackers who were successful in compromising an employee email account of the charity in the year 2017. Once the hackers gained access of the email account, they then use that access for sending fake invoices as well as related documents inside the organization. These fake documents, utilizing the social engineering methods, asked for a particular amount to help in purchasing and installing solar panels of various health facilities in Pakistan. The charity organization was tricked to transfer around $1 Million to the scammers in Japan.

Save the Children coordinated with FBI and law enforcement of Japan for investigating the incident, once the fraud has been discovered in May month of last year. Although the funds that got transferred can't be recalled, but Save the Children does have insurance that covered almost all of lost funds. Finally the charity has to pay $111,616 themselves, rest all they were able to recover.

Stacy Brandom, Save the Children CFO (Chief Financial Officer), told the Globe that "we have improved our security measures to help ensure this does not happen again. Fortunately, through insurance, we were ultimately reimbursed for most of the funds".

Save the Children Foundation is not the only or first charity organization that becomes target of the cybercriminals. For instance, recently in the month of November, the website of Make-A-Wish Foundation fall victim to cryptojacking attack.

The Federal Bureau of Investigation suggested that to protect against the BEC scams, the companies should identify the potential targets within the organization, increase education in relation to BEC emails, and must verify any kind of payments or transfers.

» SPAMfighter News - 12/24/2018