Food bank loses nearly $1,000,000 in Business Email Compromise scam

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Food bank loses nearly $1,000,000 in Business Email Compromise scam

A food bank in Philadelphia has ended up out of pocket after scammers successfully tricked it out of almost one million dollars.

As The Philadelphia Inquirer reports, hunger relief group Philabundance – which each year receives tens of millions of dollars in donations – was in the process of completing a $12 million construction project of a new community kitchen when the scammers struck.

Posing as a legitimate construction company that was owed money for the building work, scammers sent a bogus invoice to Philabundance requesting payment.

Sign up to our free newsletter.
Security news, advice, and tips.

Regrettably, employees of the food bank wired $923,533 into an account under the control of criminals.

According to Philabundance chief executive Loree Jones, the error was only realised 18 days later, when the genuine construction company waiting for payment asked when it would receive payment.

Typically such scams, known as Business Email Compromise (BEC) scams, take place after scammers have broken into email systems and monitored communications between organisations and their suppliers, allowing them to create convincing invoices for genuine work that is taking place – but directing payments to bank accounts until their control.

Earlier this year, the FBI said BEC scams had defrauded companies of some $1.7 billion during 2019.

Jones says that Philabundance has sought expert advice to boost its security, and trained employees to be more aware of Business Email Compromise attacks.

In addition, processes have been introduced so additional approval is required from executives before large payments to suppliers and contractors are made.

Of course, the pain for Philabudance is not just that it has lost almost one million dollars, and not even that it has still had to find another million dollars to pay its construction partner, but that this is money that now cannot be put to a much much better use – helping those who are in desperate need of food for themselves and their families.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Food bank loses nearly $1,000,000 in Business Email Compromise scam”

  1. Davilyn Eversz

    My question is why are companies still wiring huge sums of money. Go back to writing checks. Send it overnight. I would think by now people AND companies would recognize there is a huge danger in continuing to engage in electronic transfers no matter how security conscious you might be. Hackers are always coming up with new ways to separate us from what we have. Seems like there is a basic lack of common sense here.

    When I worked in Construction, companies either sent a I.D holding employee whom we already knew, or we sent the check overnight.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.