Canadian university loses $11.8m in email phishing scam

News
By published

Employees at MacEwan University were led to believe a client was changing account details

A Canadian university has lost almost C$12 million after a phishing scam tricked staff into paying money into a fraudulent bank account.

Employees at MacEwan University in Alberta received emails that suggested one of its main clients was changing its banking details and that future funds should be routed to the new account.

The university said the change resulted in C$11.8 (7.5 million) being sent to the account thought to have belonged to the vendor, but realised soon after that it had been a phishing scam.

The majority of the funds has been traced to accounts in Canada and Hong Kong, according to a statement released by the university on Thursday. It added that the suspected accounts had been frozen pending civil action to recover the funds.

"There is never a good time for something like this to happen," said university spokesperson David Beharry. "But as our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident."

What is phishing? Cryptocurrency phishing scams cost users $225m this year

Personal and financial information, including any details relating to recent transactions, were unaffected by the scam and remain secure, according to the statement.

The university said it is working with the Edmonton Police Service, as well as law enforcement agencies in Montreal, Hong Kong, and security departments of the banks affected.

Although controls have now been put in place to prevent a similar incident in the future, the university said it had identified that safeguards around the changing of banking details had been inadequate, and that numerous opportunities to detect the fraud had been missed.

Research conducted last year found that almost a third of employees were still falling for phishing scams of this kind, which is particularly concerning given that only one malicious email needs to bypass detection to cause serious damage to an organisation.

The university said it is working to ensure that the incident does not impact the academic and business operations of the institute, and that further updates will be released in the coming weeks.

Photo by WinterE229 / CC BY 2.0

Dale Walker
Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.

More about data breaches
Security tools concept image showing multiple locked padlocks with one opened padlock placed in middle.

Western Alliance Bank admits cyber attack exposed 22,000 customers

Man browsing through items for sale at a flea market stand.

‘It’s your worst nightmare’: A batch of €5 hard drives found at a flea market held 15GB of Dutch medical records – and experts warn it could’ve caused a disastrous data breach
Cartoon-style image showing male software developer using AI coding tools on desktop computer with house plant on desk.

Application enablement in an AI world
See more latest
Most Popular
Jensen Huang, co-founder and chief executive of Nvidia pictured on stage at Nvidia GTC 2025 holding two GPUs.
Nvidia GTC 2025: Four big announcements you need to know about
Businessman hand pointing finger to growth success finance business chart of metaverse technology financial graph investment diagram on analysis stock market background with digital economy exchange.
Global security spending continues to rise
Women in tech concept image showing female tech worker sitting at desk working on desktop computer.
Imposter syndrome is pushing women out of tech
Jensen Huang, co-founder and chief executive officer of Nvidia, pictured during a news conference at the Nvidia GPU Technology Conference (GTC) in San Jose, California, US.
‘This is the first event in history where a company CEO invites all of the guests to explain why he was wrong’: Jensen Huang changes his tune on quantum computing after January stock shock
ServiceNow signage pictured during the Singapore FinTech Festival in Singapore, on Wednesday, Nov. 15, 2023.
Old ServiceNow vulnerabilities could cause havoc for unpatched customers
Soft skills concept image showing informal staff meeting in an open plan office environment with workers having a discussion.
AI skills training can't be left in the hands of big tech
Oracle CloudWorld Tour sign pictured at the company event in London, UK.
AI agent announcements are a dime a dozen right now – here’s what Oracle thinks it’s doing differently
Close-up shot of data centers servers in red, black, and light blue colors.
Server sales are skyrocketing – and growth shows no sign of slowing down
SonicWall logo and branding pictured on a smartphone screen.
SonicWall pins ‘transformational year’ on strong partner growth
Antonio Neri, chief executive officer of Hewlett Packard Enterprise Co. (HPE), bottom left, and Jensen Huang, co-founder and chief executive officer of Nvidia Corp., during a keynote address at the HPE Discover event at the Sphere in Las Vegas, Nevada, US, on Tuesday, June 18, 2024.
HPE unveils Mod Pod AI ‘data center-in-a-box’ at Nvidia GTC