A group of criminal asswipes have managed to steal $1m from the Save the Children Foundation.
The global children's health charity said in its 2017 fiscal report (PDF) to the IRS that, back in April of last year, some total sleazebag was able to get control of an employee's email account and then convince the organization to make a transfer of $997,400 to a bank account in Japan.
According to Save The Children, the dickhead(s) who pulled off the scam disguised the illicit transfer as a purchase of solar panels for health centers in Pakistan. It was only a month later that the crime was discovered.
While the feckless rectal warts were able to make off with the charity's money, insurance covered much of the damage.
"By the time that the fraud was discovered in May 2017, the transferred funds could not be recalled, but Save the Children was subsequently able to recover $885,784 from its insurance carriers to mitigate the financial loss," the filing explains.
"In addition, Save The Children coordinated with the FBI, and through them, the Japanese Law Enforcement to assist in criminal investigations related to this incident, and we have taken steps internally to strengthen cybersecurity and other processes to prevent cyberfraud."
No word was given on whether the arseholes who committed the fraud have been caught, but hopefully they get what is coming to them in the most painful way imaginable.
The attack was one of two incidents that occurred at the charity in 2017. In a separate attempt to steal funds, another utter bastard (working through a hacked vendor) tried to get the company to wire $9,210 to a bank account in Benin. That fraud was caught and all but $120 was recovered.
Lamar Bailey, director of security research and development at Tripwire, noted that Save the Children was hardly alone in falling victim to this sort of attack.
"Social engineering is one of the easiest and most effective ways for attackers to reach their goals," Bailey noted. "Emails that originate inside of a company are often just assumed to be legitimate and never questioned."
Administrators and managers would be well served to remind end users to always keep an eye out for suspicious requests and, when they spot one, to check with the sender (either in person or over the phone) to verify. ®