From Ransomware to Phishing Scam

Just over a year ago we reported on a ransomware attack on the University of Calgary, which resulted in the university paying a ransom of $20,000. Now, only last month, another Canadian university, MacEwan University in Edmonton, announced that they had fallen victim to an email phishing scam costing them $11.8 million.

The hackers were able to access the money after they posed as one of the university’s vendors in an email. Pretending to be a construction company the hackers informed the university that the company had changed its banking information and that the university should update its records. It was only when the legitimate construction company called to ask why they hadn’t been paid, that the alarm was raised.

In the meantime the hackers had been successful in transferring 3 separate amounts into their fraudulent accounts – one on August 10 for $1.9m, another on August 17 for $22,000 and the last on August 19 for $9.9m.

The university has managed to trace most of the money to accounts in Montreal and Hong Kong which have been frozen and the university is working with legal counsel in Montreal, London and Hong Kong to pursue civil action to recover the money.

The Cost of Human Error

This is just another example of human error causing a cyber attack. In this case the hackers had used an authentic logo from the construction company they were posing as and managed to fool the university staff into changing their bank details.

This incident highlights the need for more security education in organisations, as well as the need for insurance to cover businesses in the event of a phishing scam or any other cyber attack. A variety of insurances are available for this, and our insurance brokers at Coverforce Leed Insurance Brokers can certainly help you with this. Call us on 1300 881 464.