MacEwan University in Edmonton is the latest victim of an email phishing scam, having been defrauded out of $11.8 million.
The university fell prey to the scheme after staff failed to contact one of its vendors to confirm whether emails requesting a change in banking information were legitimate.
CBC reported that MacEwan University discovered the fraud on August 23 after the legitimate vendor, a construction company, called and asked why it had not been paid yet.
Search and compare product listings for insurance against Phishing from specialty market providers here
In total, three payments were made to the fraudulent account – one on August 10 for $1.9 million, another on August 17 for $22,000, and the last one on August 19 for $9.9 million.
In a news release last week, the university said that most of the cash (around $11.4 million) has been traced to accounts in Montreal and Hong Kong. MacEwan University confirmed that those accounts have been frozen and that it is working with legal counsel in Montreal, London and Hong Kong to pursue civil action to recover the money.
The fate of the rest of the money is not known.
David Beharry, a spokesperson for the university, said that the perpetrators of the fraud sent emails that looked like the real deal.
“A domain site with the authentic logo was sent,” Beharry told the media. “The individual asked us to change banking information from the vendor. That information was changed.”
Advanced Education Minister Marlin Schmidt said that it was “unacceptable” that the university fell for the fraud. He has asked the chair of the university’s board of directors to report on how the incident could have happened by September 15.
“While I’m told that MacEwan has put improved internal financial controls to help prevent it from happening again, I expect post-secondary institutions to do better to protect public dollars against fraud,” the minister said in a statement. “That’s why I’ve instructed all board chairs to review their current financial controls.”
Related stories:
Cyber-attacks on cloud services “accelerating”
Why it’s not just criminal cyber breaches you should warn your clients about
.jpg)
