A Canadian university says staffers unwittingly lost $9.5m (C$11.8m; £7.5m) in an online phishing scam.
Phishing emails convinced staff at MacEwan University that a client was changing its bank account details. The staff then paid money into the fraudulent account.
Since the online phishing scam, the university, located in Alberta, Canada, is auditing its business practices. Police were able to trace most of the funds to accounts in Hong Kong and Montreal, however no charges have been files at this time. The scam came to light when the real client complained of non-payment.
“There is never a good time for something like this to happen,” university spokesperson David Beharry said in a statement.
“As our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident.”
What is phishing?
Phishing is a type of fraud performed over the internet where the scammers send emails that mimic reputable business entities (and individuals). The purpose of these phishing attacks is to entice people to give up personal information.
Mr Beharry also said the university was working to ensure that this fraud would not impact future educational or business operations.
A preliminary audit found that protocols around changing banking information were “inadequate” and staff missed a number of opportunities to identify the fraud.
Where you are a business, doctors office, or a university – certain security protocols are essential. This is why QWERTY Concepts includes essential security service as part of their managed IT services in NJ.