The Henderson, Texas school district was hit with a business email compromise (BEC) attack resulting in a $600,000 loss for the district.
Only a few details on the attack have been issued by district officials.
What has been made public is that on September 26 the district issued an electronic payment of $609,615.24 to RPR Construction Company Inc., which is overseeing work done on several district facilities, according to The Henderson News. On October 1 school officials discovered the payment did not go to RPR, but into fraudulent account and that the district was tricked into doing so through a BEC attack.
An internal review is underway and local police along with the U.S. Secret Service are now involved, but due to the on-going investigation no further details have been issued, The Henderson News reported.
A recent Barracuda study found most BEC incidents are direct and uncomplicated and mirror what appears to have happened at Henderson.
“An important observation is that about 60% of BEC attacks do not involve a link: the attack is simply a plain text email intended to fool the recipient to commit a wire transfer or send sensitive information. These plain text emails are especially difficult for existing email security systems, because they are often sent from legitimate email accounts, tailored to each recipient, and do not contain any suspicious links,” the Barracuda report stated.