View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 20, 2019updated 21 Aug 2019 9:45am

Canadian City Engages With Fake Email and Wires Fraudsters a Million Dollars

O Canada

By CBR Staff Writer

The Canadian City of Saskatoon has suffered a devastating email mishap resulting in fraudsters obtaining £645,190 by posing as a contractor.

The threat actors impersonated Blaine Dubreuil the CFO of Allan Construction, which had been contracted to work on a bridge rehabilitation project. Fraudsters contacted the city last July pretending to be the CFO resulting in the city wiring one million Canadian dollars to the hackers.

Allan Construction’s CFO Blaine Dubreuil commented in a release that “It’s very disconcerting that the perpetrator used my name and our company name to commit this crime. We have done a security assessment and are confident that our systems were not hacked or compromised.”

It appears that once the threat actor had established an erroneous line of communication with the city they requested the city change the banking information for Allan Construction. It wasn’t until August 12 that the fraud was discovered.

Working with law enforcement the city says that they have managed to recover $40,000 of the stolen cash and have ‘locked down’ a substantial amount of the remaining money.

The authorities have located over 10 bank accounts that they suspect the money is resting in and have instigated legal action to freeze these accounts by court orders.

City Manager Jeff Jorgenson commented in a release that: “Our focus at this time is on recovery of the funds. We have experts engaged from our internal auditor, the banks affected, and the Saskatoon Police Service. Additionally we have external and internal experts pouring over financial transactions and processes to do everything reasonably possible to protect the City from any further attacks.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“As this is an ongoing investigation, the City cannot disclose further details about the fraud at this time.”

Business Email Compromise

Business email compromise (BEC) poses a serious threat to every organisation and worryingly, such attacks are getting both more sophisticated, and more financially damaging to the victims of what is also known as “whaling”.

That’s according to California-based cybersecurity firm Symantec, which has noticed a steady rise in the sophistication of such attacks, which typically marry phishing-style emails to executives, with a high degree of social engineering.

It warns that access to powerful machine learning tools mean an arsenal of audio and video manipulation tricks may soon also become part of such attacks, which are typically highly personalised to draw the attention of executives.

The financial impact is rising steadily, it found. (Symantec also pointed to the FBI’s Internet Crime Report, published earlier this year, found that BEC attacks cost business $1.3 billion in losses in 2018 – sharply up from $60 million five years earlier.)

Symantec researchers found that businesses received “an average of five BEC scam emails each month during the past 12 months. This means each business had a 17 percent chance of getting at least one BEC email per month. In the previous 12 months, an organization would have received an average of four BEC emails per month.”

See Also: UK Ransomware Attacks Soar 195% – Malware Cocktails Proliferate

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.