It was discovered last week that three staffers at MacEwan University paid fraudsters impersonating a supplier $11.8 million dollars over a 9 day period this summer. They've recovered $6.3 million so far and are working to recover all but $400,000 of the stolen money.
Fraudsters are sophisticated and devious. The fake website probably looked identical to the real website. Employees need to be made suspicious when suppliers ask to change banking information. Security for email and websites needs to be maintained and strengthened appropriately. Financial controls need to be scrutinized. Even with all of this, a plan needs to be available so you can act fast when a fraud is suspected.
Low-level MacEwan University staffers were tricked into transferring $11.8 million into scammers’ bank accounts in what one expert said is among the largest publicly disclosed phishing scams.