Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday June 22 2019, @09:37AM   Printer-friendly
from the phishing-license dept.

Submitted via IRC for SoyCow4463

The City of Burlington, Ontario, revealed Thursday that it fell prey to "a complex phishing email" that cost the City CAD $503,000 (around USD $375,000). Few details have yet been released. "To maintain the integrity of ongoing investigations, the City will not be commenting further at this time," it announced.

Although the City describes the incident as a phishing fraud, it bears all the hallmarks of the business email compromise (BEC) genre of phishing.

"On Thursday, May 23, the City of Burlington discovered it was a victim of fraud. A single transaction was made to a falsified bank account as a result of a complex phishing email to City staff requesting to change banking information for an established City vendor," the announcement reads. "The transaction was in the form of an electronic transfer of funds made to the vendor in the amount of approximately $503,000 and was processed on May 16."

Neither the name of the member of staff nor the department he or she worked in has been revealed, although it is clear his position is of enough seniority to authorize large payments on behalf of the City.

Burlington mayor Marianne Meed Ward commented, "This was a case of online fraud with falsified documents at a level of sophistication not typically seen and we are taking the necessary steps to prevent it from happening in the future. This stresses just how important it is that we are all vigilant and recognize the signs of online fraud, phishing and other scams, and report them to the proper authorities -- so that no one becomes a victim of this type of criminal activity."

Source: https://www.securityweek.com/canadian-city-loses-500000-phishing-attack


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by deimtee on Sunday June 23 2019, @05:11AM (1 child)

    by deimtee (3272) on Sunday June 23 2019, @05:11AM (#859018) Journal

    It was an authorized payment to a legitimate vendor. The scam was that they changed the bank account details it was to be paid to. Probably nobody noticed until the vendor started asking for their money.

    --
    If you cough while drinking cheap red wine it really cleans out your sinuses.
    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by bzipitidoo on Sunday June 23 2019, @01:58PM

    by bzipitidoo (4388) on Sunday June 23 2019, @01:58PM (#859068) Journal

    He's not incorrect to doubt the intelligence and competence of people who actually think they want to run a city. Perhaps the kindest way to put it is that many local politicians' expertise is in social skills, with some business management experience. They're not going to act on potential threats, unless the public demands it. Don't want to jump at every shadow. For any problem outside their domain of knowledge, they're going to do nothing, until it's a raging fire that has to be put out.

    They will have metal detectors installed at the entrances of schools and city offices, but they won't listen to warnings from IT that their 20 year or older computer systems should be upgraded, especially if they've trapped themselves into relying on a deprecated, dead end system that's going to be very painful to migrate to a replacement.