CONWAY, SC (WMBF) – Coastal Carolina University continues to work to recover money that was stolen from the college in a phishing scam.
A release from CCU stated an individual who claimed to represent a company under contract with the university contacted its financial services via email and requested to change the company's bank account information.
Beth Branham, the marketing assistant for South Atlantic Bank, said those who perpetrate these types of scams are "getting very sophisticated for sure."
The university's release goes on to say the fraudsters provided what appeared to be official documents that included the company's logo, tax ID numbers and even the names of company officials, which is why a CCU employee fulfilled the request.
"All the information is correct, the email address is correct, the contact information is correct, so you don't know the difference," Branham said.
Juliana Harris, communications director for the South Carolina Department of Consumer Affairs, said money that is stolen in this way could be going well beyond the United States.
"So that's why you want to be careful on the front end, because it can be such a difficult trace to stop the flow of cash once it's begun," Harris said.
Thanks to quick action, university officials said they've recovered more than $564,000 of the more than $1 million taken. On campus, additional "cybercrime safeguards" will be installed to make sure nothing like this happens again.
"Any time you are getting those kinds of requests, you just want to double check and make sure," Harris said. "It might be an inconvenience and slow down the process, but if it's saving you a million dollars, it's worth it in the long run."
University officials made clear none of the funds it gets from state or tuition money will be used to cover the loss.
Former FBI assistant director Chris Swecker gave WMBF news the following statement:
"This is a fairly common scam on the internet. Either the FBI or US Secret Service will work the case. This scam can be done thru skillful penetration via a phishing email into the company email system to identify the vendor payments person. The bad guys impersonate the external company's payments received person and changes the bank account info. They create a sense of urgency and fraudulently induce a payment. The bad guys have to know that a payment is due or pending. That either comes from an insider or thru penetration of the company email system. The bad guys impersonate the external company's payments received person and changes the bank account info. They create a sense of urgency and fraudulently induce a payment. The perpetrators are usually Russian criminal organizations."
As of Thursday, CCU officials would not comment on the investigation any further.