Broken Bow Public Schools, a Nebraska school district, followed instructions set out in an email related to an ongoing construction project. It later turned out that the email was sent by scammers.
Scammers love phishing, as all it takes is one successful fraudulent email to net them millions. Earlier this week, Broken Bow Public Schools announced it fell victim to a phishing scam, which cost the institution $1.8 million, Nebraska media outlet ruralradio.com reported.
According to the school district’s press release, the incident involved “a fraudulent ACH transfer” that was related to a real ongoing construction project. Scammers apparently sent a fake invoice, which mimicked a “trusted vendor.”
The way the attack was conducted suggests that attackers put some effort into researching their target. For one, they had to be aware of the construction project, which involved parties and school district employees responsible for making payments.
After realizing what had happened, the school district contacted several US authorities, including the FBI, the Nebraska State Patrol, and the US Secret Service. The press release, publicized by ruralradio.com, indicates that law enforcement actions allowed the recovery of $700,000 of the stolen funds.
Phishing companies with fraudulent invoices is a common tactic that scammers use to illegally profit.
For example, Evaldas Rimasauskas, a Lithuanian national, scammed Facebook and Google out of more than $120 million by setting up a company with the same name as an Asian-based computer hardware manufacturer. This tricked US tech behemoths into paying him millions.
However, the law caught up with Rimasauskas, who was later sentenced to five years in prison.
According to the FBI's latest Internet Crime Report, the bureau received over 190,000 phishing-related complaints in 2024, with total complaint loss standing at a tad over $70M.
Phishing relies on social engineering and spoofing to trick individuals. Recent tactics include using AI-generated messages and deepfake technology to create convincing audio or video, making fake requests feel more legitimate.
Cybercriminals may also use AI to personalize phishing emails based on publicly available information, crafting messages that feel relevant to their targets.
So, how do you protect yourself from these sneaky tactics? Cybernews has provided an extensive set of tips on how to recognize and avoid different forms of phishing attacks.
Your email address will not be published. Required fields are markedmarked