Cyber Alert – Social Engineering and Phishing Attack Leading to Fraud

Attention HIROC Subscribers:
As your proactive partner in safety, HIROC is sharing the following important notice.
Please share this Alert with your Finance/Accounting team, Information Technology (IT) team, Information Security Management team, Chief Information Officer, Chief Technology Officer and as appropriate with your users. Our intention is to raise awareness about a potential cyber threat and to address risks promptly.
The purpose of this alert is to inform you of an increasing trend in social engineering and phishing scams leading to financial fraud, such as misdirected payments and electronic funds transfers.
These attacks often begin with a threat actor taking over or impersonating a legitimate account (i.e. business email compromise) and collecting information about the business or organization for a period of time (i.e. reconnaissance attack). Following that, the threat actor finds the perfect moment to intercept emails and begin communicating with the target user(s) or organization(s) to initiate malicious activities.
It is increasingly difficult for users to identify phishing emails due to their sophistication. Failing to perform the necessary checks can lead to organizations losing significant amounts of funds, which are often not recoverable.
Please note that threat actors can also spoof emails of your vendors, staff members and trusted third parties to target your organization’s finance or accounting staff, direct them to change banking information, or undertake urgent funds transfers.
HIROC recommends Subscribers:
- Increase awareness and educate the finance and leadership teams to exercise caution when receiving requests for changes to sensitive information such as banking account details, Electronic Funds Transfer details, etc.
- Implement tight controls around verifying changes to banking details. Always call and verify the changes using a trusted phone number that is on file (i.e. not the phone number listed in the email containing the change request). Additionally, have another staff member check that all verification activities have been completed and information is double-checked in the system before processing any payments. Having multiple individuals overseeing this process will deter fraudulent activities.
- Work with your Information Technology staff to implement controls such as Multi-Factor Authentication to prevent account takeover or hacking.
- Work with your Information Security staff to implement monitoring controls to identify potential email takeovers. These include anomalies in user behaviour such as geolocation of users logging into the email account, unusual deletion of data in the user’s email account, unusual mass email activities from a user’s account, and/or unusual access activities (such as logging in to an email account during off hours or weekends).
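The monitoring controls in the last recommendation can be expressed as simple rules over mailbox audit events. The following is an added example, not HIROC's code or any vendor's tooling; the log line format (timestamp, user, action, detail), the business-hours window and the mass-activity thresholds are assumptions, and the events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events. Format (an assumption for this example):
#   "<ISO timestamp> <user> <action> <detail>"
# where detail is a country code for logins, or an item count for mail actions.
EVENTS = [
    "2024-03-04T09:12:00 a.smith login CA",
    "2024-03-05T10:03:00 a.smith login CA",
    "2024-03-06T08:55:00 a.smith login CA",
    "2024-03-09T02:41:00 a.smith login NG",        # Saturday, 02:41, new country
    "2024-03-09T02:45:00 a.smith delete_mail 120",  # mass deletion after takeover
    "2024-03-09T02:50:00 a.smith send_mail 85",     # mass outbound email
    "2024-03-11T09:30:00 b.jones login CA",
    "2024-03-11T11:00:00 b.jones send_mail 4",
]

BUSINESS_HOURS = range(7, 19)  # 07:00 to 18:59 local time (assumed policy)
DELETE_THRESHOLD = 50          # deletions per event above this count are "mass"
SEND_THRESHOLD = 50            # sends per event above this count are "mass"

def parse(line):
    ts, user, action, detail = line.split()
    return datetime.fromisoformat(ts), user, action, detail

def detect(lines):
    """Return (user, timestamp, reason) alerts for the anomalies the alert lists:
    new login geolocation, off-hours or weekend logins, mass deletion, mass sending."""
    alerts = []
    seen_countries = defaultdict(set)  # per-user baseline built from earlier logins
    for line in lines:
        ts, user, action, detail = parse(line)
        if action == "login":
            # A first-ever login sets the baseline; later logins from an unseen country alert.
            if seen_countries[user] and detail not in seen_countries[user]:
                alerts.append((user, ts, f"login from new country {detail}"))
            seen_countries[user].add(detail)
            if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
                alerts.append((user, ts, "login outside business hours"))
        elif action == "delete_mail" and int(detail) > DELETE_THRESHOLD:
            alerts.append((user, ts, f"mass deletion of {detail} items"))
        elif action == "send_mail" and int(detail) > SEND_THRESHOLD:
            alerts.append((user, ts, f"mass outbound email ({detail} messages)"))
    return alerts

if __name__ == "__main__":
    for user, ts, reason in detect(EVENTS):
        print(f"{ts.isoformat()} {user}: {reason}")
```

Several of these signals firing for the same account within minutes, as in the constructed a.smith sequence, is the pattern worth escalating to the finance team before any payment request from that mailbox is honoured.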
We are here for you!
In the event of a cyber loss, please contact Gareth Lewis, Vice President of Claims at [email protected] ((416) 471-4796), or HIROC’s Claims Department at [email protected].
For Healthcare Safety and Risk Management resources and advice, please contact us at [email protected].
If you have any questions about this Alert, please contact Kopiha Nathan, HIROC’s Privacy and Compliance Officer at [email protected] (416-730-3039).
Thank you for your vigilance and attention to this matter.
Did you know March is Fraud Prevention Month? Check out a few more tips on our LinkedIn channel, and be sure to hit "FOLLOW" on that page to see exclusive content.
Additional Resources
- Financial – Fraud Prevention and Detection, Risk Note, HIROC, December 2024, https://www.hiroc.com/resources/risk-profiles/financial-fraud-prevention-and-detection
- Employee Fraud, Risk Reference Sheet, HIROC, July 2023, https://www.hiroc.com/resources/risk-reference-sheets/employee-fraud-0