Pics News

Ontario police, U.S. secret service help save business $615K from spear phishing scheme

[ad_1]


Earlier this month, a business in the Toronto area fell for a spear phishing scam nearly losing more than $615,000, police say.


Thanks to some quick action, the $615,820 wire transfer sent from a Mississauga company to a U.S. bank was intercepted and frozen before fraudsters could get their hands on it, Ontario Provincial Police said in a news release Monday.


OPP received a call Feb. 2 from the Canadian Anti-Fraud Centre (CAFC) after it received a complaint about a spear phishing fraud, which happens when business emails are compromised.


The United States Secret Service was contacted which then alerted the U.S. financial institution.


“As a result of the timely reporting to the CAFC and the quick action of the members from each organization, the business is well-positioned to recover the funds,” OPP said.


How spear phishing works


In a spear phishing scam, “fraudsters send messages to a targeted business or individual’s email account, often to the accounts payable department.”


“Fraudsters will create an email address similar to the targeted company’s email address in order to appear as though the email is originating from a trusted source (a supplier or contractor),” OPP said.


“The fraudster will request an urgent payment to an alternate bank account for an invoice that is due.”


Scammers may also send harmful malware software.


“If an employee clicks on it, a rule will be created to send copies of incoming emails to one of the fraudster’s email accounts,” police said.


“Fraudsters will take their time to collect information, study the language on their intended targets and look for important contacts, payments and dates so they can send convincing emails from a seemingly trusted source. Fraudsters launch their attack when an accounts payable invoice has been identified.”


Tips to protect yourself from spear phishing:


  • Complete cyber and fraud training

  • Avoid opening unsolicited emails or clicking on suspicious links or attachments

  • Hover your mouse over an email address or link to confirm they are from someone you know and are correct

  • Restrict sharing information publicly, including on social media

  • Create detailed payment procedures including verbal authentication for any urgent requests or changes in payment details

  • Verify unusual requests

  • Upgrade and update technical security software

  • Establish procedures for identifying, managing and reporting suspected fraud


“If you become a victim of a fraud or know someone who has, contact your local police service to report the crime and report it to the CAFC at 1-888-495-8501 or online on the Fraud Reporting System (FRS), even if a financial loss did not occur,” OPP said.


Recent attacks


Laurentian University is continuing to recover from a cyber incident on Feb. 18 that resulted in all IT systems being shutdown.


Last month, fraudsters hacked a construction contractor’s email and defrauded the City of Greater Sudbury out of $1.5 million.

[ad_2]

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button