OTTAWA, Canada – The Canadian Anti-Fraud Centre (CAFC) and the Hong Kong Police Force’s Anti-Deception Coordination Centre (ADCC) successfully helped recover CAD $2.3 million following a cross-border business email compromise (BEC) fraud targeting a Canadian law firm in the Vancouver area.
Spear phishing and BEC scams are highly targeted attacks where fraudsters impersonate trusted contacts; often executives, legal advisors, or vendors to trick individuals or companies into transferring funds or disclosing sensitive information.
In this case, the fraud involved a spear phishing attack that tricked the Canadian firm into wiring funds to a fraudulent account in Hong Kong. After identifying the suspicious transfer, a local bank in Hong Kong promptly alerted the ADCC. Swift cooperation with Canadian authorities, including the CAFC, led to the interception and return of the full amount to the defrauded firm.
How to protect your organization against spear phishing and BEC:
- Verify all payment requests especially if there’s a change in banking details. Contact the sender using a trusted phone number, not the one provided in the email.
- Enable multi-factor authentication (MFA) on your email and banking systems.
- Educate staff on how to recognize phishing red flags, such as downloading attachments, or clicking on unexpected links.
- Avoid logging in to business accounts through links in unsolicited emails or texts.
- Businesses are encouraged to implement internal controls such as requiring dual authorization for wire transfers and regularly reviewing cybersecurity protocols.
