Broken Bow Public Schools Loses $1.8M in Phishing Scam

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 
July 16, 2025 3 min read

$1.8 Million Stolen From Broken Bow Public Schools in Phishing Scam

A significant cybersecurity breach occurred at Broken Bow Public Schools in Nebraska, leading to a loss of $1.8 million due to a phishing scam. The incident involved a fraudulent Automated Clearing House (ACH) transfer linked to an ongoing construction project.

US School District Phishing Scam

Image courtesy of Troy Point

The school district received a sophisticated phishing email containing false payment instructions that appeared to be from a trusted vendor. As a result, the payment meant for a contractor was mistakenly sent to a fraudulent account. The district stated they had taken immediate action, launching a full investigation and collaborating with various authorities, including the Federal Bureau of Investigation, Nebraska State Patrol, and U.S. Secret Service.

Despite the setback, Broken Bow Public Schools has successfully recovered nearly $700,000 of the stolen funds through ongoing investigations and insurance claims. The district has assured the community that the construction project will continue without interruption and emphasized there would be no tax increases to cover the financial shortfall.

To prevent similar occurrences in the future, new protocols and safeguards regarding ACH transfers and financial transactions have been implemented within the district office. As the district noted in their statement, “We are committed to keeping our community informed and to taking every possible step to safeguard public funds.”

For more details, refer to the original news release.

How the Phishing Scam Unfolded

The phishing attack was characterized as a business email compromise (BEC) incident, where scammers sent a fake invoice that mimicked communication from a legitimate construction vendor. This highlights the sophisticated nature of these cybercrimes, as the fraudsters had clearly researched the school's ongoing construction project.

Phishing Infographic

Image courtesy of Troy Point

The phishing email included detailed information that made it appear authentic, effectively deceiving school officials into authorizing the ACH transfer. This type of scam is prevalent, particularly targeting organizations during significant financial transactions, as corroborated by the FBI’s Internet Crime Report, which noted over 190,000 phishing complaints in 2024 with total losses exceeding $70 million.

Response and Recovery Efforts

Upon realizing the scam, Broken Bow Public Schools acted swiftly by contacting federal authorities. The collaboration with law enforcement has been crucial in recovering a portion of the lost funds, with the district actively working through its insurance provider to reclaim the remaining amount.

FBI's Internet Crime Report Data

Image courtesy of Troy Point

The district has reassured stakeholders that the financial position remains strong, thanks to careful planning and budgeting. The construction project is set to continue as planned, with no disruption expected.

In light of this incident, it is imperative for organizations to adopt robust cybersecurity measures to protect against such threats. Simple verifications, such as direct communication with vendors before processing payments, can significantly mitigate risks.

For additional insights, visit the Nebraska Public Media coverage.

Potential customers are encouraged to explore our services at Gopher Security or contact us for more information on how we can help safeguard your organization against similar cybersecurity threats.

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.

Related Articles

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read
Read full article

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read
Read full article

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read
Read full article

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.

By Alan V Gutnov July 19, 2025 3 min read
Read full article