Several school districts across the U.S. have fallen prey to highly sophisticated Business Email Compromise (BEC) scams, losing millions in the process. These incidents highlight the growing threat of cyberattacks against public sector organisations – are you prepared to defend against similar scams?
Cybercriminals have been targeting schools by impersonating trusted vendors and manipulating employees into making unauthorised payments.
In Tennessee, Johnson County Schools lost $3 million when scammers posed as a vendor and convinced the finance department to change payment details. The fraud was only discovered after the legitimate vendor reported missing payments, but by then, the funds were already gone.
In California, a similar BEC scam recently unfolded in the Riverside Unified School District. Cybercriminals posed as a legitimate vendor and convinced school officials to transfer more than $900,000 into fraudulent accounts. These cases reveal just how widespread and effective BEC scams have become against public institutions.
Schools and other public sector organisations are increasingly targeted by scammers because they often have limited cybersecurity budgets and high volumes of financial transactions. These institutions are viewed as vulnerable due to their complex administrative structures and the urgency often associated with payment requests. A recent report highlights how municipalities and school districts are particularly attractive to cybercriminals, facing growing threats from a range of sophisticated scams.
The financial fallout from these scams can be severe—ranging from operational disruptions and delayed payments to legal challenges and reputational damage. For example, in 2020, Fairfax County Public Schools, one of the largest school districts in the US, suffered a ransomware attack that compromised sensitive data, leading to delays in school activities and substantial costs for data restoration and improved security.
BEC scams aren’t just an IT issue—they’re a direct threat to your organisation’s finances. They exploit trust and familiarity, manipulating employees into authorising payments or sharing sensitive information. The costs? Financial losses, reputational damage, and potential regulatory penalties.
A recent data breach analysis shows that these attacks often start with stolen data. Scammers use this information to create phishing emails that look so genuine even seasoned professionals can’t spot the difference.
For finance leaders, BEC scams directly impact the financial integrity of the organisation. Finance teams are often the primary target because they manage sensitive financial data and handle payment transactions. When funds are diverted through fraudulent means, it leads to direct financial losses, potential budget shortfalls, and strained relationships with vendors.
Additionally, these scams often expose weaknesses in financial controls, leading to scrutiny from auditors and regulatory bodies. Organisations may face fines, penalties, and increased insurance premiums if they fail to demonstrate adequate controls to prevent such incidents. Finance departments must therefore take proactive steps to safeguard against these threats by strengthening financial controls, verifying payment details, and ensuring compliance with regulatory standards.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
US construction and government sectors lost $7.7 million in BEC scams. Learn how fraudsters exploited financial controls and how finance leaders can protect their organisations.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
