The Cleveland Division of the FBI and the Brunswick Police Department, in coordination with the Diocese of Cleveland, confirm that St. Ambrose Catholic Parish located in Brunswick, Ohio, was a victim of a business email compromise (BEC) scheme. St. Ambrose Catholic Parish was alerted to the scheme and law enforcement was notified. The FBI conducted an assessment and quickly identified and informed the parish that they had been a victim of BEC. This continues to be an ongoing investigation, additional details cannot be provided at this time by law enforcement.

The FBI would like to provide the following information:

Business email compromise (BEC) scam is a sophisticated scam targeting both businesses and individuals performing wire transfer payments. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds.

BEC is extremely sophisticated and can utilize various deception techniques to fool individuals. Some of the online tools BEC scammers use to target and exploit their victims include: spoofing email accounts and websites with slight variations on legitimate addresses, spear phishing—bogus emails believed to be from a trusted sender prompt victims to reveal confidential information, and malware is often used to infiltrate company networks and gain access to legitimate email threads about billing and invoices, passwords, and/or financial account information.

Don’t be a victim—verbally verify the authenticity of requests to send money by talking to the financial manager or CFOs office, create intrusion detection system rules that flag emails with extensions that are similar to company emails, carefully scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary.

Remember to keep your firewall turned on, install or update your antivirus software, keep your operating system up to date, be careful what you download, be careful what information you provide over email, and turn off your computer when not in use.

Additional tips on how to protect yourself, your business, your school, your church can be found on www.fbi.gov or at www.ic3.gov.