Staff at St. Ambrose Roman Catholic Church in Brunswick say the church was scammed out of nearly $2 million. The church said a phishing email led it to believe that a construction firm doing renovation work at the church had changed its bank account. The news comes one week after St. Ambrose had reopened for Easter following its four-months-long, $5.5 million renovation.
“We were paying our bills. At some point somebody was able to get into our email system and in the course of that, changed the routing numbers for the wire transfers.” said Father Bob Stec, the parish’s Pastor.
The FBI is working the case to see if it can trace where the hack came from. The Church is now paying it’s bills using paper checks. The Diocese and church are seeking insurance as an avenue for getting the money back.
That is not always easy. Many cyber security policies do not cover damages when they are caused by criminals that use social engineering tactics to manipulate employees.