Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday June 22 2019, @09:37AM   Printer-friendly
from the phishing-license dept.

Submitted via IRC for SoyCow4463

The City of Burlington, Ontario, revealed Thursday that it fell prey to "a complex phishing email" that cost the City CAD $503,000 (around USD $375,000). Few details have yet been released. "To maintain the integrity of ongoing investigations, the City will not be commenting further at this time," it announced.

Although the City describes the incident as a phishing fraud, it bears all the hallmarks of the business email compromise (BEC) genre of phishing.

"On Thursday, May 23, the City of Burlington discovered it was a victim of fraud. A single transaction was made to a falsified bank account as a result of a complex phishing email to City staff requesting to change banking information for an established City vendor," the announcement reads. "The transaction was in the form of an electronic transfer of funds made to the vendor in the amount of approximately $503,000 and was processed on May 16."

Neither the name of the member of staff nor the department he or she worked in has been revealed, although it is clear his position is of enough seniority to authorize large payments on behalf of the City.

Burlington mayor Marianne Meed Ward commented, "This was a case of online fraud with falsified documents at a level of sophistication not typically seen and we are taking the necessary steps to prevent it from happening in the future. This stresses just how important it is that we are all vigilant and recognize the signs of online fraud, phishing and other scams, and report them to the proper authorities -- so that no one becomes a victim of this type of criminal activity."

Source: https://www.securityweek.com/canadian-city-loses-500000-phishing-attack


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0, Informative) by Anonymous Coward on Saturday June 22 2019, @11:09AM (2 children)

    by Anonymous Coward on Saturday June 22 2019, @11:09AM (#858806)

    It's obvious to most of the SN crowd, but it cannot be stressed enough: email can deliver phishing and ransomware attacks (among other nastiness).

    Users are the weakest link. Training is so very, very important but it's still not enough when employees are in a rush or not paying attention. Make sure your business or municipality has stringent procedures that are in place and practice them like you would your disaster recovery drills.

    Starting Score:    0  points
    Moderation   0  
       Redundant=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  

    Total Score:   0  
  • (Score: 2, Insightful) by Gaaark on Saturday June 22 2019, @12:22PM (1 child)

    by Gaaark (41) on Saturday June 22 2019, @12:22PM (#858820) Journal

    I like this: ANOTHER city gets taken for cash, someone says more training is needed and they are modded Redundant!
    Obviously not Redundant enough!, lol.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Saturday June 22 2019, @12:37PM

      by Anonymous Coward on Saturday June 22 2019, @12:37PM (#858825)

      They should have know they would be modded "Redundant" if they knew enough to start with "It's obvious to most of the SN crowd".