Foss Swim School reportedly lost $1.3 million in February from scammers who hacked the email server and sent emails from the founder’s account.
According to CBS News Minnesota, the hackers responded to an email meant for Foss Swim School founder Jon Foss asking how he preferred his tax distributions to be paid. The scammers answered with instructions for the organization’s accounts payable clerk, who fulfilled the requests with four sums ranging from $29,500 to $127,500.
But the hackers decided they weren’t done yet. Still using the founder’s account, they asked the clerk for more funds for construction on a new building in Burnsville, Minnesota. The clerk obliged, sending two payments of $800,000 and $288,244.46.
The IT department at Foss Swim School later found an email sent from the founder’s account that read, “Brother, I enter the Box and see as everything dey go. I pray she makes the payment. I don leave the Box for you but if everything works out, Do the needful. I dey wait for your reply.” The recipient replied: “Bless up my bro you be man drop ur lCQ for me mine @godwill101.”
Account records indicate that the money was transferred to a Chase account and then wired to Metropolitan Commercial Bank. The scam remains under investigation by police in Eden Prairie, Minnesota, where Foss Swim School is headquartered.
Foss Swim School operated two dozen locations in six states across the Midwest. Just last month, the organization celebrated its 30th anniversary, claiming to have taught nearly 20 million students to swim through their programs since opening in 1993.
Among the notable alumni are three-time Olympic medalist and former world record holder Regan Smith, a native of Lakeville, Minnesota, who learned to swim at the school. The organization features a “Swim Like Regan” section of their website that says Smith will make appearances at Foss Swim School during the lead-up to the Paris 2024 Olympics.
Foss Swim School wasn’t the only local Eden Prairie organization that was scammed out of a million dollars recently. Eden Prairie Police are also investigating how the Margaret A. Cargill Foundation was swindled out of $1 million in grant money intended for an organization in Alaska. A hacker apparently infiltrated the email account of one of the grant’s recipients and changed the account number to steal the funds. Experts say cyberattacks on non profits have been on the rise recently.
It sounds like they have a trail on the money which may still be within the US banking system, it’s possible it gets recovered. Though my eyebrows raise at that second bank named, a quick Google search and it’s shady AF.
I really hope they can recover the funds this is devastating..
“hacked the email server”. Translation: their password was password123
Keep an eye on the clerk
ANOTHER BOOMER
Man, that clerk…. Rough
Wow, who knew that ICQ is still around??
Get that opsec together everyone
I work in finance with a background in supervision and compliance. This is SO common. Never take instructions via email.
Public service announcement: Please talk to the important people in your life, especially the elderly, about scams. If you yourself are ever being told to send money somewhere and the person on the other end says you can’t tell anyone, it is always fraud/scams.