Canadian university loses $10m in phishing scam

  • Published
MacEwan University in Edmonton, AlbertaImage source, Facebook / MacEwan University

A Canadian university says staffers unwittingly lost $9.5m (C$11.8m; £7.5m) in an online phishing scam.

Fraudulent emails convinced staff at MacEwan University that one of its clients was changing its bank account details. Staff then paid money into the fraudulently created account.

The university, in Edmonton, Alberta, is auditing its business practices.

Police have traced most of the funds to accounts in Hong Kong and Montreal, but no charges have been laid.

The scam came to light when the real client complained of non-payment.

"There is never a good time for something like this to happen," university spokesperson David Beharry said in a statement.

"As our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident."

Phishing is a common type of internet fraud where scammers send emails that appear to be from a reputable company, enticing people to give up personal information.

Mr Beharry also said the university was working to ensure that this fraud would not impact future educational or business operations.

An internal review is expected to make recommendations on ways the school can prevent this from happening again.

A preliminary audit found that protocols around changing banking information were "inadequate" and staff missed a number of opportunities to identify the fraud.