Burlington, ON Phishing Scam Steals More Than Half A Million Dollars

The City of Burlington is out $503,000 because a staff member fell for a phishing scam. After receiving an email request to change banking information, the staff member was tricked into making a transaction to a false bank account.

The email requested that the employee change banking information for someone the City was already doing business with. The staffer transferred $503,000 to the fake bank account on May 16, 2019. The City didn’t learn about this until a week later. At that point, they notified the police.

After realizing this on May 23, the City says it immediately notified their bank and Halton Regional Police. A full investigation has been launched into how this happened and their current processes.

Since then, the City has put “additional internal controls” in effect to prevent this from happening again. They reported in their press release:

“These types of targeted attacks are all too common and can take many forms…Governments are just as prone to scams as are individuals,” they said.

Could Your Government Agency Or Business Be A Target?

Since January 2019, nearly 100 phishing campaigns have been tailored specifically for Canadian targets, according to researchers.

Criminals are spoofing well-known Canadian companies and organizations. They are using French-language phishing lures to increase their chances of tricking Canadian employees.

The most common forms of malware used in these Canadian phishing campaigns are banking Trojans called Emotet and Ursnif. They steal information and deliver other types of malware such as IcedID, Trickbot, Dridex, and GandCrab ransomware, and a keylogger called Formbook.

Canadians need to be on the lookout for more than just generic phishing spam.

What Should You Do?

Get New School Security Awareness Training

You must train your employees to be constantly vigilant to identify attackers’ attempts to deceive them. New-school security awareness training will provide the knowledge they need to defend against these attacks.

What’s Wrong With Every-Day Security Awareness Training?

Old-School Security Awareness Training doesn’t hack it anymore (no pun intended). Today, your employees are frequently exposed to sophisticated and ever-changing phishing and ransomware attack methods.

Old-School Security Awareness Training is static. It’s a one-time event without follow-up. You need cybersecurity training that’s backed up with phishing tests performed on a regular basis to create a real change in behaviour.

What Is New-School Security Awareness Training?

More than ever, your users are the weak link in your IT security. You need highly effective and frequent cybersecurity training, along with random Phishing Security Tests that provide several remedial options in case an employee falls for a simulated phishing attack.

With world-class, user-friendly New-School Security Awareness Training, you’ll have training with self-service enrollment, completion logs, and both pre-and post-training phishing security tests that show you who is or isn’t completing prescribed training. You’ll also know the percentage of your employees who are phish-prone.

And with the end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. It has optional customization features to enable “gamification” of training, so your users can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.

With New-School Security Awareness Training You’ll…

• Have Baseline Testing to assess the phish-prone percentage of your users through a free simulated phishing attack.
• Train your users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
• Phish your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
• See the results with enterprise-strength reporting that show stats and graphs for both training and phishing, all ready for your management.

New-School Training…

• Sends Phishing Security Tests to your users and you get your phish-prone percentage.
• Rolls out Training Campaigns for all users with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
• Uses Advanced Reporting to monitor your users’ training progress, and to watch your phish-prone percentage drop.
• Provides a New Exploit Functionality that allows an internal, fully automated human penetration testing.
• Includes a New USB Drive Test that allows you to test your users’ reactions to unknown USBs they find.

Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.

Can We Use New-School Security Awareness Training Along With Our Other Training?

This is what many organizations and municipalities are doing. They are supplementing their current training content with New-School Security Awareness Training. Upload your own compliant-training and video content, and manage it alongside your other training all in one place. Now you have your very own Learning Management System.

Don’t wait until your employees get tricked into giving away your money. Educate them with New-School Security Awareness Training.

Author: Joe Martin, Date: 2019-06-15