Edmonton university recovers bulk of money lost in phishing attack

The Canadian Press
Wednesday April 04, 2018
Written by The Canadian Press
EDMONTON — An Alberta university which revealed last summer that it had been defrauded of $11.8 million in a so-called phishing attack says it has recovered more than 90 per cent of the funds.

Edmonton's MacEwan University says in a release that legal proceedings to recover the stolen money have concluded and the institution has recouped $10.92 million.

The institution credits recovery of the large sum to the quick response of an internal team at the university, legal counsel in several jurisdictions, fraud units at the banks involved in the transactions and police. The downtown Edmonton school says it has put stronger financial controls in place and is implementing IT security awareness and training programs for staff and faculty.

The scam occurred last August when a series of fraudulent emails convinced three staff members to change electronic banking information for one of the university's vendors. The university didn't realize what had happened until days later when the vendor — Clark Builders — called asking to be paid.

David Beharry, spokesman for MacEwan University, said at the time that most of the missing money — $11.4 million — was traced to a bank account in Montreal and to two accounts in Hong Kong. He said $6.3 million was seized from the Montreal account and action was taken to freeze the two Hong Kong accounts. Beharry also said the three employees were not high-level staffers and the university did not believe there was any collusion, but he did not say if the three had been suspended or reprimanded.

"We really believe this is simply a case of human error," he said.

The fraud prompted Alberta Advanced Education Minister Marlin Schmidt to instruct all university board chairs in the province to review their financial controls. MacEwan said in Wednesday's statement that employees are now required to verify — by phone and a followup email confirmation — all changes to vendor master files.

All changes are reviewed by the employee's supervisor, manager or director. Supplier audit reports that have been implemented show all changes made to vendor information and are used to review and approve changes to vendor master files. As well, MacEwan is implementing mandatory training to improve employees' understanding of social engineering attacks, phishing and other online scams.

There was no immediate word from Edmonton police on any arrests or legal proceedings resulting from the scam.

News from © Canadian Press Enterprises Inc. 2018

Add comment


Security code
Refresh

Subscription Centre

 
New Subscription
 
Already a Subscriber
 
Customer Service
 
View Digital Magazine Renew

Latest Events

Global Security Exchange
September 23-27, 2018
ASIS Canada Night 2018
September 24, 2018
SecTor 2018
October 1-3, 2018
CS@40
October 4, 2018

We are using cookies to give you the best experience on our website. By continuing to use the site, you agree to the use of cookies. To find out more, read our Privacy Policy.