A food bank in Philadelphia has ended up out of pocket after scammers successfully tricked it out of almost one million dollars.
As The Philadelphia Inquirer reports, hunger relief group Philabundance – which each year receives tens of millions of dollars in donations – was in the process of completing a $12 million construction project of a new community kitchen when the scammers struck.
Posing as a legitimate construction company that was owed money for the building work, scammers sent a bogus invoice to Philabundance requesting payment.
Regrettably, employees of the food bank wired $923,533 into an account under the control of criminals.
According to Philabundance chief executive Loree Jones, the error was only realised 18 days later, when the genuine construction company waiting for payment asked when it would receive payment.
Typically such scams, known as Business Email Compromise (BEC) scams, take place after scammers have broken into email systems and monitored communications between organisations and their suppliers, allowing them to create convincing invoices for genuine work that is taking place – but directing payments to bank accounts until their control.
Earlier this year, the FBI said BEC scams had defrauded companies of some $1.7 billion during 2019.
Jones says that Philabundance has sought expert advice to boost its security, and trained employees to be more aware of Business Email Compromise attacks.
In addition, processes have been introduced so additional approval is required from executives before large payments to suppliers and contractors are made.
Of course, the pain for Philabudance is not just that it has lost almost one million dollars, and not even that it has still had to find another million dollars to pay its construction partner, but that this is money that now cannot be put to a much much better use – helping those who are in desperate need of food for themselves and their families.
My question is why are companies still wiring huge sums of money. Go back to writing checks. Send it overnight. I would think by now people AND companies would recognize there is a huge danger in continuing to engage in electronic transfers no matter how security conscious you might be. Hackers are always coming up with new ways to separate us from what we have. Seems like there is a basic lack of common sense here.
When I worked in Construction, companies either sent a I.D holding employee whom we already knew, or we sent the check overnight.