BreachExchange mailing list archives
Feds confirm a compromised email resulted in $1.75 million hack at Brunswick’s St. Ambrose Catholic Parish
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 1 May 2019 08:42:40 -0500
https://www.cleveland.com/crime/2019/04/feds-confirm-a-compromised-email-resulted-in-175-million-hack-at-brunswicks-st-ambrose-catholic-parish.html
The FBI confirmed Tuesday that St. Ambrose Catholic Parish in Brunswick lost $1.75 million <https://www.cleveland.com/crime/2019/04/email-hackers-steal-175-million-from-st-ambrose-catholic-parish-in-brunswick.html> through an email scam whose origin was a compromised business email.
The church released a letter Saturday acknowledging the missing money, but the federal agency remained mum about its investigation until Tuesday when it confirmed that hackers tricked the church into believing that the construction firm hired to repair the church had changed its bank account.
The church wired the money to a fraudulent bank account, Father Bob Stec said in his letter.
The FBI, which is working in conjunction with investigators with the Brunswick Police Department, is still investigating and has made no arrest in the case as of Tuesday afternoon. FBI spokeswoman Vicki Anderson said she could not provide any additional information about the case.
The FBI says the church fell victim to what it calls a “business email compromise,” or a BEC, where scammers spoof email accounts and websites, utilize phishing emails that appear to come from trusted sources and malware to gain access to the company’s networks and obtain sensitive billing information.
“BEC is extremely sophisticated and can utilize various deception techniques to fool individuals,” Anderson said in a statement released Tuesday.
St. Ambrose discovered the theft April 17 after Marous Brothers Construction contacted the church to ask why it had not paid two recent bills totaling $1.75 million.
The bills are related to the church’s Vision 2020 project <https://stambrose.us/vision-20-20-faq/>, which aims to raise $4 million to repair and restore the church.
The church already currently works with an IT consultant, but Stec said it plans to hire another firm to perform a review of its internet security. He added that the church determined that only its email accounts were hacked. No other information — including parishioner databases, or financial information for the church’s automatic giving program — was compromised.