Feds confirm a compromised email resulted in $1.75M hack at Brunswick's St. Ambrose Catholic Parish

BRUNSWICK, Ohio -- The FBI confirmed Tuesday that St. Ambrose Catholic Parish in Brunswick lost $1.75 million through an email scam whose origin was a compromised business email.

The church released a letter Saturday acknowledging the missing money, but the federal agency remained mum about its investigation until Tuesday when it confirmed that hackers tricked the church into believing that the construction firm hired to repair the church had changed its bank account. The church wired the money to a fraudulent bank account, Father Bob Stec said in his letter.

The FBI, which is working in conjunction with investigators with the Brunswick Police Department, are still investigating and have made no arrest in the case as of Tuesday afternoon. FBI spokeswoman Vicki Anderson said she could not provide any additional information about the case.

The FBI says the church fell victim to what it calls a “business email compromise,” or a BEC, where scammers spoof email accounts and websites, utilize phishing emails that appear to come from trusted sources and malware to gain access to the company’s networks and obtain sensitive billing information.

Read more: https://www.cleveland.com/crime/2019/04/feds-confirm-a-compromised-email-resulted-in-175-million-hack-at-brunswicks-st-ambrose-catholic-parish.html