According to The Advocate, East Baton Rouge Parish school lost $46,500 in a phishing scam, which requested three transactions be wired to different banks in New York. The scam took place in May, and was caught within days of the transactions. Fortunately for the school, the final $25,000 transaction was able to be stopped. The school was also able to recoup over $22,000 in transacted funds, and their insurance policy covered almost another $15,000. That being said, the school still lost roughly $10,000.
The phishing scam was a falsified email from the superintendent sent to the chief business operations officer (CBOO). Typically all wire transfers from the school require two signatures; however, the other individual required to sign was out of the office. Therefore, the CBOO signed both by herself and sent them, per the hackers request. What is most shocking, is the superintendent’s office is right across the hall from the CBOO, yet she didn’t confirm these requests with him. That being said, the emails did state the superintendent was busy and/or in meetings and could not be bothered.
Superintendent Warren Drake said the most concerning action was the lack of follow-up with him regarding these requests. He also stated wire transfers are a rarity for the school. This should have been a red flag. There is no doubt the CBOO should have confirmed these transactions with him. There is also no doubt, there needs to be better controls in place for wire transfers. Superintendent Drake said additional controls will be evaluated, as they completed an audit evaluating the process after the scam occurred.