VICTORIA -- Victoria police are warning businesses, non-profits and other organizations of a recent rise in “spear phishing” attacks, a sophisticated online fraud technique.
Spear phishing involves criminals attempting to organize fraudulent payments from legitimate sources, often by impersonating as someone with financial decision-making authority within an organization or business.
VicPD says that in this style of crime, fraudsters generally research their potential victims so they can convincingly impersonate them, and create a business or personal email account that resembles a legitimate one. This involves studying a person’s use of language, their important contacts and patterns of payment dates.
In one recent spear phishing attempt in Victoria, police say that a criminal claimed to be a person with financially authority and demanded a payment from a local business.
“A staff member at a local business with an eye for detail noted that the email address used in the attempt was one letter off from the legitimate email address,” said VicPD in a release Wednesday. As a result, no funds were transferred.
The Canadian Anti-Fraud Centre has compiled a list of common spear phishing attacks, which have been increasing across Canada amid the COVID-19 pandemic.
The list includes:
• A business receives a duplicate invoice with updated payment details supposedly from an existing supplier or contractor
• An accountant or financial planner receives a large withdrawal request that looks like it’s coming from their client’s email
• Payroll receives an email claiming to be from an employee looking to update their bank account information
• Members of a church, synagogue, temple, or mosque receive a donation request by email claiming to be from their religious leader
• An email that seems to come from a trusted source asks you to download an attachment, but the attachment is a malware that infiltrates an entire network or infrastructure
• An email that seems to come from trusted source asks you to buy gift cards
VicPD says that warning signs of a potential fraud or spear phishing attack include:
• Unsolicited emails
• Direct contact from a senior official you are not normally in contact with
• Requests for absolute confidentiality
• Pressure or a sense of urgency
• Unusual requests that do not follow internal procedures
• Threats or unusual promises of reward
Further tips on how to protect yourself or your business from fraud can be found here.
“If you have fallen victim to a fraud, stop payment immediately, contact your financial institution and call our Report Desk at 250-995-7654, ext 1,” said VicPD.
Fraud incidents should also be reported to the Canadian Anti-Fraud Centre at 1-888-495-8501 or online here.