One Phishing Email Costs Southern Oregon University $1.9M

Southern Oregon University (SOU) was hit by a business email compromise (BEC) attack that cost the institution $1.9 million, as reported by the Mail Tribune.

How the scam succeeded

In late April this year, fraudsters sent a phishing email impersonating Andersen Construction, the contractor responsible for constructing the McNeal Pavilion and Student Recreation Center. The phishing email asked the university to wire the money due for payment to a bank account under the fraudsters’ control. In good faith, the university did as requested and wired the payment. They didn’t realized it was a scam until the actual contractor notified them that it had not received any payment.

BEC on the rise

According to the FBI, the BEC scam has grown 2,370% in the last two years. From October 2013 to December 2016, more than 40,000 scams were reported to the FBI, which have cost businesses more than $5.3 billion. The FBI declares that the way fraudsters choose their victims is still unknown, indicating that there is not a readily identifiable pattern. Victims range from small companies to large organisations in the private and public sectors. Consequently, every organization and institution is a possible victim.

How to reduce the risk

Educating your staff is very important so that they can understand whether a communication is legitimate or a fraud. They need basic training about the fundamentals of phishing attacks and useful tips that teach them how to detect a fraud. If you are unsure as to what training your staff need, have a look at our Phishing Staff Awareness e-learning course.