NEWS RELEASE
ONTARIO PROVINCIAL POLICE
*************************
Members of the Southern Georgian Bay detachment of the Ontario Provincial Police (OPP) and the Canadian Anti-Fraud Centre (CAFC) are continuing to raise the awareness for north Simcoe residents of the various scams that they may encounter on the telephone or online.
This bulletin was prepared to inform the public as a part of CAFC’s campaign for this October’s Cybersecurity Awareness Month.
Spear phishing
Spear phishing fraud is one of the most prevalent frauds targeting businesses and organizations. Fraudsters take their time to collect information on their intended targets so they can send convincing emails from a seemingly trusted source.
Fraudsters will infiltrate or spoof a business or individual’s email account. They create a rule to send copies of incoming emails to one of their own accounts and will comb through the emails to study the sender’s use of language and look for patterns linked to important contacts, payments, and dates.
Fraudsters launch their attack when the owner of the email account can’t be easily contacted by email or by phone. It may look like a top executive sending an email to their accounts payable department requesting an urgent payment to close a private deal. If the fraudsters haven’t infiltrated the executive’s email account, they may set up a domain similar to the company’s and use the executive’s name on the account. The contact information they need is often found on the company’s website or through social media.
Variations of spear phishing attacks include:
- A business receives a duplicate invoice with updated payment details supposedly from an existing supplier or contractor.
- An accountant or financial planner receives a large withdrawal request that looks like it’s coming from their client’s email.
- Payroll receives an email claiming to be from an employee looking to update their bank account information.
- Members of a church, synagogue, temple, or mosque receive a donation request by email claiming to be from their religious leader.
- An email that seems to come from a trusted source asks you to download an attachment, but the attachment is a malware that infiltrates an entire network or infrastructure.
- An email that seems to come from a trusted source asks you to buy gift cards.
- Correspondence or email claiming to be from your landlord asking you to send your rent payment using an alternate payment method or to a different account.
Warning signs
- Unsolicited emails
- Direct contact from a senior official you are not normally in contact with
- Unusual payment request from a senior official
- Pressure or a sense of urgency to complete transaction
- Unusual requests that do not follow internal procedures
How to protect yourself
- Remain current on frauds targeting business and educate all employees.
- Include fraud training as part of new employee onboarding.
- Put in place detailed payment procedures.
- Encourage a verification step for unusual requests.
- Establish fraud identifying, managing and reporting procedures.
- Avoid opening unsolicited emails or clicking on suspicious links or attachments.
- Take a few seconds to hover over an email address or link and confirm that they are correct.
- Restrict the amount of information shared publicly and show caution with regards to social media.
- Routinely update computer and network software.
- Consider getting your business certified with CyberSecure Canada.
- Learn more tips and tricks for protecting yourself.
Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the CAFC’s online reporting system or by phone at 1-888-495-8501. If not a victim, report it to the CAFC anyway.
The CAFC is updating the fraud and cybercrime reporting statistics available on the Open Government Portal. Check out the portal today to see statistics up to Sept. 30, 2023.
*************************
