JACKSONVILLE, Fla. – A Jacksonville-based church organization is trying to get back more than $700,000 stolen by cyber thieves.
The Florida Baptist Convention is a network of Southern Baptist churches that span the state. It relies on donations, money that was taken in what the group calls “financial fraud.”
The Florida Baptist Convention, based in Jacksonville, has announced it lost more than half a million dollars in a recent hack. The church lost money that was meant to help a community of churches and ministries.
“As you can imagine, our convention staff and state board of missions is distraught over this loss of financial resources,” leaders wrote in a statement.
According to the organization’s statement, hackers were able to craft an email that looked exactly like the business process the Florida Baptist Convention had set up to support some of the mission work it wanted to do.
Ben Finke is a cybersecurity expert who co-founded Jacksonville-based OnDefend. He knows this scheme all too well. In this case, he believes hackers got access to someone’s email, learned how the organization worked and then sent out fake billing information.
“And so it gets pretty easy for them to figure out if I doctor this up and put a different account number in here, this will look legit to somebody on the other side, and I bet I can get them to send me some money,” Finke said.
FBC sent News4JAX a statement that said the team is working with the FBI, local law enforcement, their bank and insurance company to try to get the money back.
“I guess there’s two avenues they could try, right? The first is law enforcement might be able to recover some of it. I mean, big fan of the folks in law enforcement who have to deal with this, but they are swamped with a lot of these so there’s probably not a great chance. The other side would be insurance. And most insurance carriers tend to not reimburse this kind of thing,” Finke said.
And cybercriminals often trace back to other countries, making it incredibly difficult to get any justice.
Finke has this advice:
- Your email is one of your most important online accounts – use a good, strong password that you don’t use anywhere else
- Use multi-factor authentication to log in
- Don’t collect payment over email – this can take more time – but person-to-person will always work better