Staff at MacEwan University fall for a simple online phishing scam.
Staff at MacEwan University, in Edmonton, Alberta, received fake emails from someone who claimed they were writing on behalf of one of the university’s major clients, and that they were changing their bank account details. Seemingly taken at face value, staff then paid money into the ‘new’ bank account on three separate occasions, and to the tune of millions of dollars.
MacEwan University only uncovered the fraud on August 23, after the actual client, a construction company, contacted the university to inquire as to why it hadn’t been paid. The university replied that it had paid…except of course, that it hadn’t. The phished money was eventually to a bank account in Hong Kong.
IT systems not compromised
“Preliminary assessment has determined that controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed”, university spokesperson David Beharry said in a statement. “There is never a good time for something like this to happen… As our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident.”
The university expects the results of its own internal investigation in the coming weeks. Beharry also said there was a good chance the school would recover the money, eventually.
Urgent security review
MacEwan University has said it is conducting an urgent review of its propcedures in order to prevent a similar fraud from taking place in the future. It is expected that the construction firm client will still be paid in full.
Beharry said that the Macwan university’s IT systems were not compromised during the incident and that all personal and financial information and transactions made with the university are secure.