Scammer cons Canadian university of $11.8 million in elaborate phishing scam

Scammer cons Canadian university of $11.8 million in elaborate phishing scam

Scammer cons Canadian university of $11.8 million in elaborate phishing scam

In a major phishing scam, a scammer conned MacEwan University in Canada of 11.8 million CAD after he convinced employees to change payment details for a vendor.

The University recovered a little of half of the lost money after it discovered the phishing scam and informed authorities.

In a classic case of the use of phishing techniques to perpetrate online fraud, a scammer recently conned MacEwan University in Edmonton, Canada of 11.8 million Canadian dollars after he convinced university employees to change payment details for a vendor.

READ MORE: Elaborate phishing attack swindled $100m from Google and Facebook

The university has identified human error as the sole cause behind the scam. In an official statement, it said that “controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed.”

After the phishing scam was discovered, the university swung into action and by Thursday afternoon, recovered 6,347,000 CAD from the hacker’s acccounts located in Canada and Hong Kong. It is now working with authorites in Edmonton, Montreal, London, and Hong Kong to recover the remaining amount.

Even though the university had fallen victim to an online scam, it assured students and faculty that its IT systems were not compromised and that no personal or financial information were breached by the scammer. The university also confirmed that the scammer’s accounts were frozen and that it had initiated civil actions and a criminal investigation on the scam.

‘We also want to emphasize that we are working to ensure that this incident will not impact our academic or business operations in any way,’ said David Beharry, a spokesman for MacEwan University.

READ MORE: Trinity College Dublin loses €1 million to latest cyber-attack

This incident reminds us of a similar episode when Evaldas Rimasauskas, a Lithuanian scammer, impersonated a vendor company named Quanta Computer and conned Google and Facebook of up to $100 million between 2013 and 2015.

However, unlike MacEwan University, Facebook and Google didn’t disclose the phishing scam to their investors since they felt the events weren’t significant enough to merit disclosure.

The incident also reinforces a growing belief among cyber security experts that educational institutions are being increasingly targeted by hackers either by perpetrating cyber-attacks or through phishing techniques.

In the UK, the police’ Action Fraud department recently revealed that cyber criminals are calling educational institutions and asking for staff members’ personal email addresses and phone numbers, claiming that they need to send them guidance forms that contain sensitive information.

READ MORE: UK’s critical infrastructure organisations highly vulnerable to DDoS attacks

The scammers claimed that they were from the “Department of Education” – although the UK government’s department for schools is called the Department for Education.

In February, a cyber-attack on Trinity College Dublin resulted in hackers getting their hands on €1 million from the institution’s coffers, as well as sensitive details belonging to the institution’s donors.

“We are writing to tell you that your personal information may have been compromised by an email attack on Trinity Foundation and we strongly encourage you to be vigilant of any suspicious emails you receive. An email account belonging to one of Trinity Foundation’s employees appears to have been compromised by an apparent phishing/malware attack. It seems that the attackers had access to this email account from February 7, 2017,” said the Trinity Foundation in a letter to affected donors.

Copyright Lyonsdown Limited 2021

Top Articles

Carnival Cruises hit by fourth data breach in 18 months

Carnival Cruises, one of the world’s largest cruise ship operators, has confirmed that it suffered another data breach in mid-March.

NHS Test & Trace Consolidates Cyber Security

NHS Test and Trace has teamed up with cybersecurity company Risk Ledger to proactively manage its supply chain cybersecurity risks.

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]