Canadian City Fell Prey to a $375K Phish

Written by

Yet another city has fallen victim to a "a complex phishing email." The scam cost Burlington, Ontario, Canada, C$503,000 – the equivalent of nearly US$375,000.

“On Thursday, May 23, the City of Burlington discovered it was a victim of fraud. A single transaction was made to a falsified bank account as a result of a complex phishing email to City staff requesting to change banking information for an established City vendor. The transaction was in the form of an electronic transfer of funds made to the vendor...and was processed on May 16," the city announced.

Burlington immediately contacted law enforcement and a criminal investigation is underway, according to the announcement.  

“Cyber-attacks are on the rise, and phishing emails that involve the human factor are responsible for a great number of these breaches. Organizations globally are realizing the need to invest in employee training and deploy different training solutions in hope to mitigate the risk of data breaches,” said Shlomi Gian, CEO at CybeReady.

“Instead of increasing spending and IT effort, organizations should opt for smart solutions that guarantee change in employee behavior. Effective training should not become an IT and financial burden. Increased awareness might be the only way to reduce the risk of another incident like this in the foreseeable future.”

According to Global News Canada, none of Burlington’s systems have been impacted by the transaction. At this time, the city is not providing any additional information, but experts advise that all organizations continue to invest in their human capital via security training and awareness.

“Humans remain the weakest link in any organization. Properly implemented security controls can reduce the risk of human error but not eliminate it. Worse, cyber-criminals will now purposely target smaller organizations that cannot afford to invest in their cybersecurity,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.

What’s hot on Infosecurity Magazine?