
    Business Email Compromise Attack Leads to Millions in Non-Profit Loss


    A business email compromise attack at Illinois’s Office of the Special Deputy Receiver led to a loss of $6.85 million, Ray Long at the Chicago Tribune reports. Long describes the Office as “a nonprofit that works with the director of the Illinois Department of Insurance and exists largely to protect creditors and policyholders of financially troubled or insolvent insurance companies.”

    The office’s former Chief Financial Officer, Douglas Harrell, provided the Tribune with details of the attack, explaining that $2.8 million was recovered.

    “While state officials were saying little about the cyberattack, the office’s former chief financial officer, Douglas Harrell, told the Tribune that his email was hijacked by hackers who then directed others how to invest money with what appeared to be approval of his superiors,” Long writes. “Harrell said a quick call to bank officials blocked a significant amount of the $6.85 million from being lost before all transactions became final. The agency learned of the breach July 15 and contacted the Pritzker administration and the Illinois State Police, Harrell said.”

    Harrell told the Tribune that the attackers had lurked within his email account for two to three weeks before impersonating him to authorize the fraudulent transactions. He also noted that the attack was particularly effective since he and his co-workers were working remotely.

    “What’s really a shame is criminals just taking advantage of COVID,” Harrell said. “Without a cybersecurity expert at our shop…we weren’t prepared. We just didn’t know how to protect ourselves properly from cyber hackers….It’s just fraud through and through.”

    Long notes that cybercriminals often target state and local governments because these entities have less funding than federal agencies or large corporations. New-school security awareness training can familiarize your employees with these tactics so they can recognize and thwart BEC attacks and other forms of social engineering.

    GovTech has the story.

