MacEwan University in Edmonton, Alberta has confirmed that it lost 11.8 million Canadian dollars (US $9.5 million) after falling victim to a phishing attack.

In a statement released Thursday, the university said that a series of fraudulent emails convinced staff to change electronic banking information for one of the institution’s major vendors. As a result of the fraud, $9.5 million was transferred to an account that staff believed belonged to the vendor.

An investigation into the incident, which was discovered on Aug. 23, is ongoing, although most of the funds have been traced to accounts in Canada and Hong Kong. “These funds have been frozen and the university is working with legal counsel in Montreal, London and Hong Kong to pursue civil action to recover the money,” the university said in a statement. “The status of the balance of the funds is unknown at this time.”


The eventual financial impact will not be known until the investigation is complete, according to MacEwan University. The Edmonton Police Service, law enforcement in Montreal and Hong Kong and the corporate security units of the banks involved in the e-transfers are working on the case, it said.

University officials say that MacEwan’s IT systems were not compromised by the incident and that personal and financial information and all transactions made with the university are secure.

William MacArthur, threat researcher at digital threat management firm RiskIQ, told Fox News that the incident underlines the huge threat posed by phishing scams. “One thing has always been the same in phishing attacks: social engineering, i.e., luring people into clicking on a link and providing information so it can be captured and sent off to a drop zone,” he explained, via email. “Phishing actors adjust the same way a security analyst would so it’s like a constant game of chess, except they have more pieces and [are] always on the offensive.”


MacArthur noted that phishing has spread beyond the inbox to mobile apps, social media and instant messaging platforms.

Earlier this year, Google shut down a sophisticated phishing scam that targeted users by impersonating Google Docs.

Follow James Rogers on Twitter @jamesjrogers

Source link

About the Author:

Leave a Reply

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 6876 bytes) in /home/conserv/public_html/wp-includes/wp-db.php on line 1852