Spearphishing: The Risk to Corporate Canada

October 9, 2014

The Canadian Cyber Incident Response Centre has received reports that a number of senior executives and employees with accounting responsibilities at Canadian corporations have been targeted by a sophisticated spearphishing campaign.

An image of a fish line with a hook that caught an @ symbol.

Spearphishing is essentially targeted phishing. Cyber criminals collect information on their targets from various sources including social media and company websites. They then use this information to personalize fraudulent emails in order to increase the chances of the targets opening these emails.

Recently, targeted emails were sent to personnel who are authorized to make financial transactions. The emails appear to authorize the individual to send large amounts of money to a specific bank account.

To make these messages appear more authentic, actual names of executives who would authorize these transactions are used in the emails, and look-alike email addresses and URLs are used. The cyber criminals behind this scam have even telephoned their targets, posing as representatives from a law firm that is helping with the financial transaction.

This spearphishing campaign has targeted a number of companies. As a result, GetCyberSafe has teamed up with the Canadian Bankers Association to raise awareness of this issue.

While these cases are targeting a specific group, there are a number of steps you can take to avoid falling victim to any kind of email scam:

If you think you have been targeted by a phishing scam or any other fraudulent activity, we strongly encourage you to report it to the Canadian Anti-Fraud Centre. More information on how to report fraud is available at: http://www.antifraudcentre-centreantifraude.ca or by calling 1-888-495-8501.


Follow Get Cyber Safe on Twitter and Facebook.


Comments

By submitting a comment, you agree to have Public Safety Canada collect the comment and publish it on this website (comment policy).



Comments

There are no comments at this time

Date modified: