Oklahoma Pension Fund Robbed of $4.2 million via Compromised Email

Stu Sjouwerman | Sep 17, 2019

AP_19249628229338Attackers stole millions of dollars from Oklahoma’s pension fund for retired law enforcement officers, the Oklahoman reports. The Oklahoma Law Enforcement Retirement System (OLERS) said the funds were stolen on August 26th, after an employee’s email account was hacked. The attackers were able to divert $4.2 million being handled by an investment manager.

The FBI has recovered $477,000 of the stolen funds, and OLERS believes they’ll be able to recover more. Otherwise, the agency’s insurance provider will have to make up the losses.

The employee whose account was hacked wasn’t fired, and OLERS is providing employee training to prevent this type of attack in the future. OLERS’ president, Roy Rogers, told the Oklahoman that business email compromise can affect anyone.

“It happens every day,” Rogers said. “It can happen to an individual. It can happen to a state. It can happen to a company....This kind of crime has just got rampant.”

Technical defenses alone aren’t enough to thwart social engineering attacks. Security controls like two-factor authentication are essential, but even these can be defeated by a determined attacker who targets the human. New-school security awareness training can address human vulnerabilities and turn your employees into security assets.

The Oklahoman has the story: https://oklahoman.com/article/5640503/hackers-get-42-million-from-pension-fund-for-retired-troopers-state-agents

Discover Your Organization’s Exposed Email Attack Surface

Cybercriminals constantly scan the deep web and thousands of breach databases to find exposed employee identities, credentials, and passwords to launch targeted social engineering attacks. Run our free Email Exposure Check Pro (EEC) to safely uncover your at-risk users and see what your organizational structure looks like to an attacker before they exploit it.

Get Your Free Email Exposure Report

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.