In a sophisticated cybercrime incident, thieves managed to steal $107,625 from the University of Central Florida (UCF) by exploiting a vulnerability in the university’s payment system. The scheme involved hacking into a vendor’s computers and sending a fraudulent request for a payment to a different bank account. Despite the fraudulent nature of the request, UCF officials unknowingly processed the transaction. The funds, which included an original payment of $84,625 and an additional $23,000, were transferred to the scammer’s account, and by the time the university noticed, most of the money had already been withdrawn.
The fraud was not immediately detected due to a simultaneous spam-bombing attack that overwhelmed the university’s email system. When UCF employees later sought to verify the legitimacy of the payment request, they did not see the vendor’s warning email in time because the system had been flooded with spam messages. The warning came just a few hours after the transaction was approved, but by then, the funds had already been moved, and attempts to recover the money were unsuccessful. A request made to the bank to reverse the transaction was denied when it was found that the fraudulent account had insufficient funds.
In response to the theft, the Florida auditor general’s report revealed that UCF lacked sufficient safeguards to prevent fraud in vendor payment processes. The report found that even after the incident, the university was still sending payments before thoroughly verifying vendor bank details. This oversight has led to increased scrutiny over UCF’s financial procedures, and the school is now under pressure to adopt stricter verification protocols. The university has assured the public that it is implementing more robust measures to prevent similar fraud attempts in the future.
UCF has also made improvements to its internal controls, including training employees to recognize and prevent fraud, as well as manually verifying changes to vendor banking details. The institution has not identified the vendor involved in the fraud but has stated it was able to recover a small portion of the stolen funds. While the university continues to investigate the full scope of the attack, this incident highlights the growing risks of cybercrime in educational institutions and the need for heightened vigilance in handling financial transactions and vendor relationships.
Reference:
