Last month, cybercriminals managed to scam the City of Burlington in Canada out of CAD $503,000 (around USD $375,000). The city officially referred to the incident as “a complex phishing email,” but the phishing method used is more commonly known as a business email compromise (BEC) scam.
The threat actors pulled off the scam by impersonating “an established City vendor” in an email to City staff. Following a classic BEC strategy, they asked the staff to change the banking information for the vendor. The employee(s) complied, and as a result Burlington transferred a sizable payment intended for the vendor to an account controlled by the attackers.
The mayor of Burlington said that the incident was “a case of online fraud with falsified documents at a level of sophistication not typically seen,” adding that the City is “taking the necessary steps to prevent it from happening in the future.”