
Fraudsters almost swindled the Royal Canadian Mint with payroll ‘spoofing’ scam

The Royal Canadian Mint fell for what’s known as a “spear-phishing” scam and almost forked over an employee’s paycheque to fraudsters, according to a breach report obtained through access to information.

Spear-phishing is a type of fraud which sees swindlers carefully collect information on a target in order to impersonate them. It’s one of the “most common and most dangerous attack methods” and it’s getting increasingly difficult to investigate, says a bulletin issued by the Canadian Anti-Fraud Centre last month.

In the Mint’s case, a “malicious actor” masquerading as a former Mint employee reached out to the Crown corporation’s human resources department back in February. The scam artist requested a change to a real former employee’s bank account information for payroll purposes, according to a copy of the incident report obtained by CBC News through access to information.

After some back-and-forth emails, a human resources worker at the Mint — thinking they were talking to the real former employee — changed the banking information. They also gave the fraudster a pay stub, as requested.

Source: CBC News

Date: December 13th, 2019

Link: https://www.cbc.ca/news/politics/mint-spear-phishing-scam-1.5392036

Discussion

  1. One of the bigger problems with this issue of spear-phishing is captured by the photo for this article, which shows a lone hacker in a hoodie, presumably in the basement of his parents’ home.
    In reality, almost all spear-phishing attacks are conducted by criminal organizations that have banks of what are essentially office workers conducting the email scams.
    Why is it a serious issue that people and companies think of this as being a “lone hacker in the basement” issue?
  2. How do you train employees to not fall for these spear-phishing attacks?
