Email phishing campaign ends in $503K loss for Burlington city

The City of Burlington falls victim in a phishing scheme that results in $503 000 transfer to a phony bank account

Burlington city fell victim in email phishing attackThe city transferred $503 000 to an attackers bank account.

City officials in Burlington, Ontario, have reported about the phishing scam[1] that led the municipality to the loss of more than half a million dollars.[2] Apparently, the staff member made a transaction of $503,000 to attackers' bank account after the email was received with a request to change banking information for someone the city was doing business.

The transfer was made on May 16, so the investigation on the incident is already on-going. This unauthorized payment was reported to the bank and police as soon as the city realized this was a fraud.[3] Due to this scam, Burlington's officials added more internal control to prevent such campaigns and attacks in the future. A full review on the incident and the email itself is still processed.

As the city's Mayor, Marianne Meed Ward, has stated, is not a typical event:

This was a case of online fraud with falsified documents at a level of sophistication not typically seen and we are taking the necessary steps to prevent it from happening in the future. This stresses just how important it is that we are all vigilant and recognize the signs of online fraud, phishing and other scams, and report them to the proper authorities — so that no one becomes a victim of this type of criminal activity.

The city says no personal data got stolen or affected

This phishing scam was identified as a fraud on May 23, when it was revealed that a single transaction was sent to a “falsified” bank account. The activity was additionally reported to the police, although the city's officials claim that personal information has neither been stolen nor shared. As a result, the case hasn't been reported as a data breach.[4]

However, the city works closely with police and other institutions, as Tim Commisso, the Interim City Manager, says:

We are taking this matter very seriously. City staff took immediate action, including notifying members of council and our audit committee when the incident was first discovered. We are working closely with the police on their ongoing criminal investigation and we have also initiated an independent external investigation of the incident, which will be part of our reporting back to council and the audit committee.

The city restrains from further comments on the incident until the investigation is complete. This criminal investigation involves a full review of processes currently running on the city of Burlington.

Businesses and governments are involved in scams and malware regularly

In Canada alone, 2018 resulted in more than 2260 reports about fraud incidents. Canadian Anti-Fraud centre received various notifications about such stories that resulted in loses up to $17,000,000.[5]

However, scammers and cybercriminals work around targeting people and institutions around the world. Malware like ransomware, especially targeting companies and governments with malicious crypto-extortion campaigns.

Various cities in America get affected by malware attacks that make them go back to pencil and paper to continue needed processes like payments, documentation, and so on.[6] IT security and patching vulnerabilities become crucial for governments as for big companies, services.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.

Contact Alice Woods
About the company Esolutions