Site icon IT World Canada

Ontario city stung for $503,000 in switched bank account fraud

Bank vault

Image from Shutterstock.com

Creating trust is vital for any organization. It’s also one of the factors criminals rely on.

The City of Burlington, Ont. found that out the hard way last month when an employee fell for an increasingly common scam: An email supposedly from what it calls a “trusted vendor” requesting to change the bank account where the municipality normally transfers money to.

Agreeing to the change, the $503,000 payment went to an account controlled by an unknown person.

The incident took place May 16. The city only learned about it five business days later. It made the incident public in a news release Thursday.

The fraud was reported to the bank and Halton Regional Police, but with a week between the incident and law enforcement being told it’s unlikely the money will be recovered.

The city says it has since put in additional internal controls to prevent a similar incident from happening again.

The municipality is refusing to make any further comment on how it happened. One possibility is the vendor’s email was hacked, so the email (or emails) the employee received was from a legitimate source. Another is that the criminal spoofed an email address similar to a person employed by the vendor. In one case the FBI noted a fake email ended in “.co” instead of “.com.”

“Humans remain the weakest link in any organization,” Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, noted after spotting a news story on the con. “Properly implemented security controls can reduce the risk of human error but not eliminate it.”

In a statement issued by the City Burlington Mayor Marianne Meed Ward said the incident was committed “with falsified documents at a level of sophistication not typically seen, and we are taking the necessary steps to prevent it from happening in the future. This stresses just how important it is that we are all vigilant and recognize the signs of online fraud, phishing and other scams, and report them to the proper authorities — so that no one becomes a victim of this type of criminal activity.”

Experts group these types of cons as business email compromise scams or wire frauds. The Canadian Bankers Association website recommends these four steps to reduce the odds of being victimized:

The FBI offers these tips to organizations and employees:

Exit mobile version