Canadian university tricked out of $11.8 million in phishing scam

It has been revealed that MacEwan University in Edmonton, Canada, has fallen victim to a phishing scam. Fraudulent emails were sent to university staff advising them that one of their clients was updating their bank account details.

Staff didn’t question the convincing-looking emails, which resulted in $11.8million being paid into the fraudulent account. According to the BBC, “the scam came to light when the real client complained of non-payment.”

After discovering the scam, the university notified the relevant authorities and is now working with them to investigate and recover the lost funds. The majority of the funds ($11.4million) have been traced to Montreal and Hong Kong, and those accounts have subsequently been frozen.

In a statement released by the university, spokesman David Beharry said: “There is never a good time for something like this to happen.”

He continued:

As our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident. Personal and financial information, and all transactions made with the university are secure. We also want to emphasize that we are working to ensure that this incident will not impact our academic or business operations in any way.

The most important line of defense is the person who receives the email. If your staff are able to identify and properly respond to a malicious email, the danger can be mitigated. And, with phishing attacks on the increase, this example reiterates the importance for training staff.

How to protect your organization from phishing attacks

No matter how effective your spam filter is, a spoof email could bypass it, making your organization’s staff the last line of defense against fraud. It is therefore vital that your staff are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training all your staff with minimal disruption.

Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.

Find out more >>