SHELBY, N.C. (WJZY) – Money meant to help kids was instead stolen by hackers.
Cybercriminals stole nearly $60,000 from the Boys and Girls Club of Cleveland County, according to Shelby police, who are investigating.
“It’s sadly no surprise that fraudsters targeted the Boys and Girls Club,” said Charlotte cybersecurity expert Theresa Payton, who is the CEO of Fortalice Solutions. “They go after nonprofits all the time.”
Payton says thieves prey on nonprofits.
“Because they know that the nonprofit is trying to spend every cent they have on the cause,” said Payton. “And, so, oftentimes that means they go fairly barebones on technology. It might mean they’re not as focused on cybersecurity.”
The organization’s email was hacked last month, according to a police report. It is unclear how it happened but their IT consultant became suspicious when he noticed 44,000 emails being sent out. It’s likely those emails were compromised phishing attempts aimed at tricking the Boys and Girls Club contacts in an effort to steal more money.
On Friday, the Boys and Girls Club reported $56,359 stolen. The money was transferred to credit companies, banks and a phone service. A check was also forged using an Oklahoma address.
“That could mean that this is just a domestic fraud ring at play here or a lone wolf,” said Payton. “But, sometimes, in these cybercriminal syndicates that are international, they actually launder money through Americans who are doing work-at-home schemes…They don’t realize that they’re actually being used in a fraudster’s international scheme to launder money.”
The nonprofit hopes to recoup the money through its bank. The investigation is ongoing.
Boys and Girls Club Response
Board president Jack Weller declined to do an on camera interview but provided FOX 46 with the following statement:
“For more than 50 years, the safety and protection of the youth we serve and the responsible stewardship of resources entrusted to us by donors have been our absolute number one priorities. Recently, Boys & Girls Club of Cleveland County learned of unauthorized activity in the Club’s bank account. No funds will be lost by the Club as the financial institution’s fraud department investigates further.
Upon learning this, the Club acted immediately by contacting the proper authorities to investigate this serious matter further. In addition, our Board of Directors has initiated an immediate and rigorous evaluation of all management policies and procedures to determine this discrepancy and further strengthen and safeguard the organization’s finances and operations as we go forward.
Boys & Girls Club of Cleveland County will cooperate fully with authorities involved in the investigation and will withhold further comment until the process is complete.” – Jack Weller, Boys and Girls Club of Cleveland County Board President
So how do you keep you and your organization safe? Payton recommends:
- Voice verifying: Ask the sender of an email if they meant to send it if you’re unsure.
- Check links for known viruses and malware through websites like virustotal.com.
- Set up two-factor authentication for email and bank accounts.
- Organizations should not use a CEO’s public email to authorize money transfers or bill payments.
- Set up text alerts for when a new payee is added to an account or a new check is written.
- Set up alerts for suspicious network activity and unfamiliar logins.
More headlines from CBS17.com: