The City of Saskatoon has recently admitted to falling prey to an internet scam. City manager Jeff Jorgenson says a fraudster electronically impersonated the chief financial officer of a construction company that has a contract with the city. The fraudster asked to have a payment sent to a new bank account and the city complied. Police were called after the fraud was discovered last Monday. Mayor Charlie Clark said the city decided to go public with the fraud to be up front with taxpayers and warn others, so it doesn’t happen to them.
What happened to the City of Saskatoon happens around the world on an hourly basis. Criminals use these types of phishing attempts to manipulate the victim into providing sensitive information and then use the information to steal money. Or, as in this case, they pretend to be someone the victim trusts and then ask for the money.
A similar incident happened a year ago in Ottawa, when a cyber-bandit impersonated the City of Ottawa’s city manager and fooled the city treasurer into transferring the equivalent of $128,000 to a fake account. Two years ago, I wrote about White House officials being tricked by a UK email prankster into giving up personal information. Thankfully in that case, the prank was more to embarrass the US government and not steal any sensitive information.
So, what can businesses do to ensure their staff do not fall for these pranks? Cyber thieves are getting smarter with their emails and targeting. They are sending fewer error-laden messages, which means spam filters can’t catch all the phony messages. A good tip for users is to check the headers to see if the email really did come from the person it claims to be from. If it’s still not clear, you can always call the sender and ask. Remember, if a request seems strange or unusual, it’s always better to ask first. Businesses can also train their employees with “fake” phishing campaigns, to gain an awareness of who is fooled and what types of messages are fooling employees. From there, further awareness training can be delivered to staff.
If you are in need of a phishing awareness campaign, Uzado can help. Click below to learn more about phishing awareness training.