Cyber Incident Victim: Griffin Funeral Home

Date: Oct 2017

Location: United States of America

Summary

Hackers compromised a Louisiana funeral home's primary Yahoo email account, impersonating the owner to solicit fraudulent wire transfers of $2,450 to a Ukrainian bank under false pretenses of a family medical emergency during a European vacation. The attackers leveraged familiarity with the business operations but omitted key elements of the legitimate email signature, prompting customer inquiries that alerted staff to the breach. Despite multiple password resets by employees, the perpetrators retained persistent access to the account, ultimately locking the organization out entirely. The business reported the incident to law enforcement and Yahoo without immediate resolution, forcing adoption of a new email address while notifying contacts to disregard prior scam correspondence. This resulted in operational disruption and reputational harm due to unauthorized financial solicitations targeting clients and partners.


Description

On or around October 18, 2017, unauthorized actors compromised the Yahoo email account of Griffin Funeral Home in West Monroe, Louisiana, which served as the organization's primary communication channel with customers and business partners. The attackers gained control late that Wednesday, subsequently initiating a targeted email scam campaign posing as the funeral home's owner, Glenda Griffin. They contacted recipients from the compromised account, initially requesting favors before soliciting $2,450 wire transfers to a Ukrainian bank account. To legitimize these requests, the threat actors fabricated a narrative claiming Glenda was vacationing in Europe while her cousin required emergency medical treatment. Forensic evidence suggested the perpetrators conducted pre-attack reconnaissance on the company's operations and leadership structure, though operational security lapses occurred—notably, fraudulent emails omitted Glenda's complete email signature, which typically included standard legal disclaimers.

Funeral home staff detected the breach after customers and partners began telephoning to ask about Glenda's fabricated emergency situation. Examination of the account's Sent folder revealed unauthorized messages missing the full signature template. Personnel attempted to regain control through four successive password resets, but the attackers persistently recompromised the account through unknown means until the legitimate users were permanently locked out. The organization formally reported the incident to local law enforcement and contacted Yahoo for account recovery assistance, though no response from either entity was documented by October 22. Operational continuity measures included establishing a new primary email address and proactively notifying stakeholders to disregard fraudulent correspondence while updating contact information. Immediate consequences included potential financial exposure for recipients targeted by the scam, reputational harm to the business, and disruption of client communications during active service arrangements.
