The Victoria Police has issued a warning to Island organizations about the rise of sophisticated cybercrime attacks known as “spear phishing.”
The warning comes on the heels of a national alert issued on January 18 from the Canadian Anti-Fraud Centre regarding the cyber scam, which has become more prevalent in recent weeks as COVID-19 continues to require many people to work remotely.
Police say that in “spear phishing” attacks, criminals attempt to redirect or fraudulently initiate payments that would otherwise be legitimate.
Scammers often penetrate an organization’s communications, pretending to be a person with financial decision-making authority.
Fraudsters take their time to collect information on their intended targets, so they can send convincing emails from a seemingly trusted source, according to police.
The elaborate scam usually entails infiltrating an e-mail account and creating a rule that sends copies of any incoming emails to the fraudster’s account. This allows them to study the sender’s language and look for patterns linked to important contacts or payments.
According to Victoria Police, the city has seen several cases of spear phishing attacks as well as attack attempts.
“In one recent incident, the fraudsters claimed to be a person with financial authority and demanded a funds transfer,” explains VicPD in a statement. “A staff member at a local business with an eye for detail noted that the email address used in the attempt was one letter off from the legitimate email address.”
With the scams being flagged nationwide, the Canadian Anti-Fraud Centre has outlined a series of variations of reported spear phishing attacks:
- A business receives a duplicate invoice with updated payment details supposedly from an existing supplier or contractor
- An accountant or financial planner receives a large withdrawal request that looks like it’s coming from their client’s email
- Payroll receives an email claiming to be from an employee looking to update their bank account information
- Members of a church, synagogue, temple, or mosque receive a donation request by email claiming to be from their religious leader
- An email that seems to come from a trusted source asks you to download an attachment, but the attachment is a malware that infiltrates an entire network or infrastructure
- An email that seems to come from a trusted source asks you to buy gift cards
The Canadian Anti-Fraud Centre says key warning signs or red flags of these scams include unsolicited e-mails, direct contact from a senior official that an employee is not normally in contact with, a sense of urgency, unusual requests, and requests for absolute confidentiality.
Victoria Police are warning businesses on Vancouver Island and suggesting that employers familiarize themselves with possible spear phishing techniques.
Police are also advising businesses to consider upgrading cybersecurity software, including fraud training for employees, establishing fraud reporting procedures, adding verification steps for unusual requests, and avoiding opening unsolicited e-mails.