Date: Wednesday, January 20, 2021
Victoria, BC – Officers are warning businesses, non-profits and other organizations after a national alert was issued yesterday by the Canadian Anti-Fraud Centre about the continued rise of a sophisticated but common cybercrime: “spear phishing.” With COVID-19 still requiring many to work remotely, cybercrimes like spear phishing continue to be on the rise nation-wide.
In spear phishing attacks, criminals attempt to redirect or fraudulently initiate payments that would otherwise be legitimate. They often do so by penetrating an organization’s communications and passing themselves off as a person with financial decision-making authority.
Fraudsters take their time to collect information on their intended targets, so they can send convincing emails from a seemingly trusted source.
Fraudsters will infiltrate or spoof a business or individual email account. They create a rule that forwards copies of incoming emails to one of their own accounts. They comb through these emails to:
- study the sender’s use of language
- look for patterns linked to important contacts, payments, and dates
Victoria and Esquimalt continue to see spear phishing attacks and attack attempts. In one recent incident, the fraudsters claimed to be a person with financial authority and demanded a funds transfer. A staff member at a local business with an eye for detail noted that the email address used in the attempt was one letter off from the legitimate email address.
According to the Canadian Anti-Fraud Centre bulletin, variations of spear phishing attacks include:
- A business receives a duplicate invoice with updated payment details supposedly from an existing supplier or contractor
- An accountant or financial planner receives a large withdrawal request that looks like it’s coming from their client’s email
- Payroll receives an email claiming to be from an employee looking to update their bank account information
- Members of a church, synagogue, temple, or mosque receive a donation request by email claiming to be from their religious leader
- An email that seems to come from a trusted source asks you to download an attachment, but the attachment is malware that infiltrates an entire network or infrastructure
- An email that seems to come from a trusted source asks you to buy gift cards
Key warning signs that are common among cybercrime frauds include:
- Unsolicited emails
- Direct contact from a senior official you are not normally in contact with
- Requests for absolute confidentiality
- Pressure or a sense of urgency
- Unusual requests that do not follow internal procedures
- Threats or unusual promises of reward
How to protect yourself
- Remain current on frauds targeting business and educate all employees
- Include fraud training as part of new employee onboarding
- Put in place detailed payment procedures and institute a verification step for unusual requests
- Establish procedures for identifying, managing and reporting fraud
- Avoid opening unsolicited emails or clicking on suspicious links or attachments
- Take a few seconds to hover over an email address or link and confirm that they are correct
- Restrict the amount of information shared publicly and show caution with regard to social media
- Upgrade and update technical security software
You can learn more about how to protect yourself, your family and your organization from fraud by visiting vicpd.ca/fraud. If you have fallen victim to a fraud, stop payment immediately, contact your financial institution and call our Report Desk at (250) 995-7654 ext 1.
If you think you or someone you know has been a victim of an attempted fraud, please contact the Canadian Anti-Fraud Centre at 1-888-495-8501 or report online at http://www.antifraudcentre-centreantifraude.ca.