15.07.2025
2 min
513
One email and $1.8 million is gone. A school in Nebraska has fallen victim to a carefully planned phishing attack by attackers who tracked a real construction project and posed as an official contractor. This once again demonstrates how vulnerable any institution can be – even an educational one.
The victim is the Broken Bow Public Schools in Nebraska. Officials confirmed that they paid a large fake invoice related to a real construction project. The scammers imitated correspondence with a “trusted supplier” by sending a fake ACH (automatic bank transfer) instruction.
A clarification in the school’s press release and comments from local media ruralradio.com indicate that the attackers had access to detailed information about internal financial transactions and employees. This indicates a well-thought-out attack with elements of social engineering. At the same time, thanks to the rapid response of federal and local services, it was possible to return $ 700,000 of the stolen funds.
This case is not unique. A famous fraudster from Lithuania, Evaldas Rimasauskas, once defrauded Google and Facebook of more than $ 120 million using a similar scheme with a fictitious company. According to the latest FBI data, in 2024, more than 190,000 phishing complaints were recorded, the total amount of losses exceeded $ 70 million.
Modern phishing attacks increasingly use AI technologies, deep fakes, personalization and social engineering. Thanks to public sources, attackers easily collect data about the victim, which makes the letters as convincing as possible.
Phishing is not just spam. It is a personalized manipulation that hits the most vulnerable points – human trust. Even large organizations can suffer if they don’t follow basic payment verification principles. Every email is a potential threat. And every employee should know how to recognize it.
