The Grenville County Detachment of the Ontario Provincial Police (OPP) has seen a rise in Spear Phishing incidents, also known as Business Email Compromise (BEC) scams.
In the case of BEC scams, the online attack is aimed at businesses, governments organizations and associations. The fraudsters take their time collecting information from various sources about their targets, to send convincing emails that appear to be from a trusted source. The fraudsters will infiltrate/ spoof a business or individual email account.
Fraudsters launch their attack when the owner of the email account can’t be easily contacted by email or by phone. It may look like a top executive sending an email to their accounts payable department requesting an urgent payment to close a private deal. If the fraudsters haven’t infiltrated the executive’s email account, they may set up a domain similar to the company’s and use the executive’s name on the account. The contact information they need is often found on the company’s website or through social media.
The goal of the fraudster(s) is gaining personal information and or the delivery and installation of malware, which is used for fraud and the information can be sold for financial gain.
According to the Canadian Anti-Fraud Centre (CAFC), Business Email Compromise frauds represented $58 million in reported losses in 2022. Ontario victims reported losing over $21.1 million.
- Unsolicited emails
- Direct contact from a senior official you are not normally in contact with
- Pressure or a sense of urgency
- Unusual requests that do not follow internal procedures
How to protect yourself
- Educate yourself and your employees on frauds targeting business
- Include fraud training as part of new employee onboarding
- Have detailed payment procedures including a verification step for unusual requests
- Avoid opening unsolicited emails or clicking on suspicious links or attachments
- Confirm the email address or link is correct (the variation is usually very slight)
- Be cautious with the amount of company information shared on social media
- Routinely update computer and network software
- Consider getting your business certified with CyberSecure Canada
Protect yourself and your business. For more information on fraud, visit the CAFC at www.antifraudcentre-centreantifraude.ca.
Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the Canadian Anti-Fraud Centre’s online reporting system or by phone at 1-888-495-8501. If not a victim, report it to the CAFC anyway.
FRAUD…Recognize it…Report it…Stop it.