Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Business Email Compromise Scam takes New Hampshire Town for $2.3 Million

    BEC ScamSocial engineering is at the heart of this attack, where scammers successfully tricked a town into redirecting not just one but several bank transfers.

    Last month, the town of Peterborough, New Hampshire put out a press release stating they were the victims of a Business Email Compromise (BEC) scam in July focused on tricking their finance department into changing banking details on payments intent on being made to the Contoocook Valley School District as well as a general contractor Beck and Bellucci.

    Taking advantage of the “transparent nature of public sector work to identify the most valuable transactions and focus their actions on diverting those transfers”, the cybercriminals were able to redirect funds to scammer-controlled bank accounts without raising any red flags with the town of Peterborough. It wasn’t until the ConVal School District called inquiring about their missing $1.2M payment that the town was even aware of a problem.

    As of the time of writing this article, the $2.3M overall that was stolen had not been recovered.

    This simple story of how social engineering is sometimes all it takes to become a victim is a stark warning for organizations that anyone involved with financial transactions should be taught to be vigilant when interacting with emails. Through Security Awareness Training, stories like this could literally become a thing of the past – all it takes is a single user to recognize that something’s amiss and check the from email address, make a phone call to verify, something other than just unknowingly go along with the fraudulent request.

     

    Return To KnowBe4 Security Blog

    Can hackers spoof an email address of your own domain?

    DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

    Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

    Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

    Try To Spoof Me!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-spoof-test/

    Topics: Social Engineering, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews