Cyber Incident Victim: Henderson School District
Date: Oct 2018
Location: United States of America
Summary
The Henderson School District suffered a business email compromise (BEC) attack that resulted in a $600,000 loss after an electronic payment intended for a construction contractor was diverted to a fraudulent account. The district discovered the fraudulent transfer days later, prompting an internal review and investigations by local law enforcement and the U.S. Secret Service. The incident exemplifies typical BEC tactics, where attackers used plain-text emails—without malicious links—to deceive recipients into authorizing illegitimate transactions, bypassing standard email security measures. The attack targeted routine vendor payments, underscoring the financial and operational vulnerabilities associated with such socially engineered schemes.
Description
The Henderson School District in Texas suffered a business email compromise (BEC) attack in late September 2018, resulting in a fraudulent transfer of $609,615.24 intended for RPR Construction Company Inc., a contractor managing facility projects for the district. On September 26, district personnel processed an electronic payment to what they believed was RPR Construction's account. Five days later, on October 1, officials discovered the funds had been diverted to a fraudulent account after realizing the payment never reached the legitimate contractor. District representatives confirmed the unauthorized transfer resulted from a BEC scheme, though they withheld specifics about the fraudulent communication method or attacker impersonation tactics. The incident triggered immediate involvement of local law enforcement and the U.S. Secret Service, with an internal district review launched concurrently. No public disclosure occurred regarding whether funds were recovered or whether the attack compromised other district financial systems beyond this transaction.

District authorities cited the active investigation as justification for withholding additional operational details about the attack vector, perpetrator origins, or potential security control failures. Public records confirmed the attack's financial impact—a single $609,615.24 loss—without evidence of data exfiltration or secondary malicious activity. The Barracuda Networks study referenced in contemporaneous reports noted that approximately 60% of BEC attacks during this period involved plain-text emails lacking malicious links, relying instead on social engineering to induce wire transfers. This characterization aligned with the limited available details from Henderson officials, who confirmed the attack exploited email communication without elaborating on technical specifics. The incident remained under federal and local investigation as of the initial October 12 reporting, with no subsequent public updates regarding attribution or financial recovery.
