Phishing dupes Canadian university out of $11.8 million
LEARN MORE FREE TRIAL CONTACT EVIZONE
When private companies fall for the tricks of cybercriminals, it’s their investors who stand to lose the most and who must demand accountability.
Yet when public institutions like schools and hospitals are scammed, taxpayers are left picking up the bill.
The latest example happened at Alberta’s MacEwan University. CBC reports:
“An Edmonton university was defrauded of $11.8 million after staff failed to call one of its vendors to verify whether emails requesting a change in banking information were legitimate.
MacEwan University discovered the fraud on Aug. 23 after the legitimate vendor, a construction company, called to ask why it hadn’t been paid.
Three payments were made to the fraudulent account: one on Aug. 10 for $1.9 million; another on Aug. 17 for $22,000 and a third on Aug. 19 for $9.9 million.
Most of the money — more than $11.4 million — has been traced to accounts in Montreal and Hong Kong, the university said in a news release Thursday.
Those funds have now been frozen, the university said, adding it is working with legal counsel in Montreal, London and Hong Kong to pursue civil action to recover the money. The status of the rest of the missing money isn’t known.
University spokesperson David Beharry said the scammers sent emails that looked legitimate.
“A domain site with the authentic logo was sent,” Beharry told reporters. “The individual asked us to change banking information from the vendor. That information was changed.”
Advanced Education Minister Marlin Schmidt said in a statement he found it unacceptable that the university fell victim to this scam.
He’s asked the chair of MacEwan’s board of directors to report by Sept. 15 about how this could have happened.
“While I’m told that MacEwan has put improved internal financial controls to help prevent it from happening again, I expect post-secondary institutions to do better to protect public dollars against fraud,” Schmidt said in a statement.”
The Education Minister has the right attitude. With everything we know about cybersecurity today, there is no excuse for advanced education facilities to fall victim to such schemes.
There is hope for the University: the perpetrators of the attack were not sophisticated enough to funnel the money elsewhere, and with the funds now frozen, the cash will likely be recovered – at least in part. The next large-scale victim may not be so lucky.
If you’re reading this and concerned about the cybersecurity of your institution – whether it’s public or private, non-profit or for-profit – get in contact with us to learn more about our secure communications software. With Evizone, you never have to worry about anything malicious lurking within your messages.
About Evizone Ltd.
Evizone Ltd. is a revolutionary secure communications, encryption and compliance software and service provider based in Montreal, Quebec, Canada. Evizone offers innovative enterprise solutions in secure messaging (next generation beyond encrypted e mail) and encryption, encryption at rest, regulatory compliance, compliance archiving, WORM compliance, 17a-4 compliance, document life cycle management and communications governance and risk management. Evizone’s services protect organizations through best in class security, encryption, recipient controls, document life cycle management, discovery management, compliance management, compliance archiving, tamper proof WORM and 17a-4 compliance archiving and complete audit records against the enormous damage caused by communications breaches. Evizone’s patented technologies offer a level of security impossible to obtain with conventional or encrypted email and fast, powerful, user friendly compliance archiving. Evizone’s services are immediately available on multiple platforms and provide the strongest commercially available communications security and compliance archiving. You can follow Evizone on Facebook, Twitter, and LinkedIn.
Contact:
Tom Kott, HATLEY Strategy Advisors, 514.316.7082, tkott@hatleystrategies.com