Wire transfer fraud and Doppelganger domain name campaigns are currently significant and common risks in Canada. Read more about these threats so you aren’t a victim!
According the Competition Bureau:
- From January 2014 to December 2016, Canadian lost over $290 million to fraud
- In 2016, online scams accounted for more than 20,000 complaints and more than $40 million in losses
Wire transfer fraud
Deceptive email domains or compromised email accounts will send invoices or request payments to specific individuals in large organizations. Because these are targeted attacks, they are less likely to be detected by spam filters. Cyber-criminals target businesses, such as the University, that process large volumes of invoices hoping they will pay the fraudulent invoices without much scrutiny. For example, demand of payment for supplies that were never ordered/delivered.
Doppelganger domain name
Legally registered domain names that are nearly identical to legitimate websites are used, oftentimes in conjunction with the wire transfer fraud, to convince organizations to process payments. These fraudulent domains are easily perceived as legitimate, and give credibility to requests for payments. For example, for the fictional example crediblesite.com, a cyber-attacker might use the doppelganger domain name credib1esite.com, replacing the “l” with a “1” in efforts to elicit a payment.
- If you often receive and process payments, read more about these threats so you are well informed and can be vigilant in spotting these attacks
- Be wary about unsolicited emails particularly those requesting payments or expressing urgent action
- Ensure your processes reflect careful review of payments
- Contact the organization if you are suspicious about the email or invoice
- If you processed a payment to a fraudulent account, immediately contact Financial Resources to see if the payment can be stopped.