Federal agents have detained individuals suspected to have carried out a cyber fraud scheme that stole $206,000 from the Sumter County School Board in Florida.
Investigators revealed that the criminal fraud involved hackers fooling a school official into entering school board banking information on a fake website, Orlando Weekly reported.
These types of scams are referred to as social engineering schemes, which involve bad actors psychologically manipulating victims into providing sensitive information. Actions the bad actors might trick their victims into include wiring money to a fraudulent bank account or sharing commercially sensitive information with an unauthorized entity. These types of schemes are performed in a way so that the victims do not know they are being manipulated, and so they do not question the validity and security of their actions.
“While business email compromise attacks can seem quite simple in their deployment, they’re often very cleverly done. We shouldn’t underestimate the social engineering sophistication by which these attacks are undertaken,” Ryan Rubin, a partner for Ernst & Young’s UK Forensic & Integrity Services team, told Insurance Business in a previous statement.
Organizations might have the latest in cyber security, but protecting their own employees from being deceived is another matter altogether. Steve Crystal, head of financial crime at Sedgwick, has recommended that employees should be made more aware of the risks of social engineering so that they will not fall victim.
“Placing emphasis on awareness by an organization’s leadership team is vital – education for all colleagues [focusing] on what to look out for is fundamental. It’s incumbent on each of us to work in a way that protects against risks and threats - and setting that tone from the top is key,” Crystal explained.