The Arkansas Times reported:
With the click of a mouse, the Pine Bluff School District lost more than $3.2 million.
The company sends invoices or “pay applications,” and then, if necessary, others weigh in on the figures. In this case, Barbaree said, the architect questioned some of the numbers. When that was settled, the architect approved the total and then sent it to Barbaree for her approval.
“In the meantime, someone hacked into that email thread and requested that the amount be paid with a wire transfer,” she said. “That wasn’t normal for them, but they said it was the end of the year and auditors were coming, and we do occasionally make wire transfers so we went ahead.”
Barbaree said the district’s finance director made the transfer of $3,204,640 and then called to make sure the money had gone through. “They said the money must have gone into a wrong account because they had not received it,” Barbaree said.
The company sends invoices or “pay applications,” and then, if necessary, others weigh in on the figures. In this case, Barbaree said, the architect questioned some of the numbers. When that was settled, the architect approved the total and then sent it to Barbaree for her approval.
“In the meantime, someone hacked into that email thread and requested that the amount be paid with a wire transfer,” she said. “That wasn’t normal for them, but they said it was the end of the year and auditors were coming, and we do occasionally make wire transfers so we went ahead.”
Barbaree said the district’s finance director made the transfer of $3,204,640 and then called to make sure the money had gone through. “They said the money must have gone into a wrong account because they had not received it,” Barbaree said.
Find the original article here.
Takeaway: Have a separate process for remittance changes that includes controls, validations, authentication and best practices. It's great that a call was made to confirm the payment, so the victim knew right away there was a problem.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Takeaway: Have a separate process for remittance changes that includes controls, validations, authentication and best practices. It's great that a call was made to confirm the payment, so the victim knew right away there was a problem.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat