Enterprotect

View Original

Edmonton Construction Company Warns Industry After $11.8M Phishing Scam

Exploit: Phishing
Company: Clark Builders
Industry: Construction
Source: https://globalnews.ca/news/3713350/clark-builders-identified-as-company-involved-in-11-8m-macewan-university-phishing-scam/

Threat actors impersonated Edmonton construction company, Clark Builders in an elaborate online scam stealing $11.8 million from MacEwan University. The fraudsters took advantage of a 10-year working relationship between Clark Builders and MacEwan, as they “convinced university staff to change electronic banking information for one of the university’s major vendors.”

President and CEO of Clark Builders Paul Verhesen said the company is “not pleased with the fact that somebody was fraudulently using our logo and our brand and our information.”

The university was defrauded in three separate payments over a span of 10 days totaling the shocking sum of $11.8 million. Luckily, the incident seems to have been caught in a timely manner as most of the payments were able to be traced to accounts in Canada and Hong Kong. The university and its lawyers have since been able to freeze the funds in a recovery attempt. However, $400,000 remains unaccounted for at this moment.

In a message to others, Verhesen warned, “we should all be way more diligent in how we conduct business and transfer money and information.” He continued, “There’s other contractors that have been targeted, as well, so it’s an industry-wide awareness piece.”

Phishing and business email compromise scams continue to wreak havoc on the construction industry. With large payment sums trading hands and often very limited physical interaction between departments, it is easy to see why this industry makes for an attractive target for cyber criminals. In many cases, fraudsters obtain access to an executive’s/management’s email account and use urgent requests to transfer funds or use different accounts to receive payments. In other cases, such as with Clark Builders’, cyber imposters assume the identity of construction companies and request account changes for vendor payments. Construction companies, their vendors, and clients, should heed Verhesen’s advice and remain vigilant when urgent, suspicious emails are requesting payment changes. Those sending payments must establish verification protocols to help prevent financial losses.

Protect Your Business Against Modern Cyber Threats

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.