Save the Children Hit by $1m BEC Scam (Dec 17, 2018)
The American arm of the UK-based charity, "Save the Children Federation," disclosed that it had been the victim of a Business Email Compromise (BEC) scam after filing its taxes with the Internal Revenue Service (IRS). The unknown threat actor somehow gained access to an employee's email account and then sent the organisation fake invoices for solar panels for a Pakistani health centre, along with other documents. The money was transferred to a Japanese bank account before the scam was discovered, and the organisation was able to recover all but $112,000 of the money sent.
Recommendation: It is helpful for your business to use a company domain for email accounts and to maintain policies that educate employees to identify BEC attempts. Corporate email accounts should also employ two-factor authentication to add another layer of protection to accounts that contain sensitive information. There should be processes in place to ensure that money transfer requests are legitimate, with "assembly line" procedures for thoroughly assessing, verifying, accepting, and conducting money transfers within the organisation. This guarantees that many different eyes see each request and confirm that, if it is valid, the money is going to whom and where it is supposed to.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.