A successful phishing scam has left a Texan school district $2.3 million out of pocket.
Last week, the Manor Independent School District, in Manor, Texas, said an inquiry is underway to track down the cybercriminals responsible for the fraudulent email campaign.
Phishing emails were sent to the organization in November, leading to three separate transactions taking place. An employee uncovered the scheme a month later, leading to the Manor police force and the FBI’s involvement.
However, the nature of the emails and who fell for them is not yet known.
See also: Over 20 Texas local governments hit in ‘coordinated ransomware attack’
The Manor Independent School District serves over 9,000 students. In a release, the school district said that an investigation is ongoing and there are “strong leads,” but law enforcement is requesting any information others may have to track down the cyberattackers.
At this stage, it is uncertain if the money can be recovered.
Business Email Compromise (BEC) scams usually begin with phishing, in which malicious and fraudulent emails are sent in the hopes of duping an employee into paying fake invoices or handing over sensitive information.
Without the training necessary to spot these messages — and even with a good understanding of how they usually appear — it can be all too easy for fraudsters to succeed.
Email has replaced pen-and-paper as one of our main methods of communication, but the features used to ascertain who a sender is, whether this is their name, email address, or company logos and signatures, can all be faked and spoofed.
Microsoft has published a roundup of last year’s most interesting phishing techniques, including the hijack of search engine results, custom 404 pages, Man-in-The-Middle (MiTM) attacks, and banner grabbing.
In August 2019, 23 local Texan governments were subject to a coordinated cyberattack in which ransomware was deployed on systems.
Data from the Texas Department of Information Resources (DIR) was impossible to access and networks were encrypted by Sodinokibi (REvil) ransomware.
Sodinokibi has also been at the heart of a recent and catastrophic security incident suffered by Travelex. The currency service was forced offline on New Year’s Eve and it is only now that customer-facing services are on the way to restoration. Third-party currency services including those offered by Tesco Bank, Virgin Money, and HSBC have also been affected.
This particular form of ransomware is believed to be responsible for the encryption of company data, but Travelex says there is “no evidence” at present that customer information has been compromised or stolen.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0