Lessons Learned From Burlington, ON’s $503K Phishing Scam

The City of Burlington, Ontario is out $503,000 because one employee fell for a phishing scam. After receiving an email request to change banking information for a supplier, the staff member was tricked into sending a payment of roughly half a million dollars to a bank account controlled by the fraudsters.

The email asked the employee to change the banking information on file for a vendor the City was already doing business with, which is what made the request look routine. The employee transferred $503,000 to the fraudulent account on May 16, 2019, and the City did not learn of the loss until a week later. A request of this kind should be confirmed by telephone at a number already on file for the vendor, never through contact details supplied in the email itself.

After discovering the fraud on May 23, the City says it immediately notified its bank and Halton Regional Police. A full investigation has been launched into how the transfer happened and into the City's current payment processes. The City said in its press release:

“These types of targeted attacks are all too common and can take many forms…Governments are just as prone to scams as are individuals,” they said.

What Is Important To Know About These Types Of Phishing Scams?

According to researchers, since January 2019, nearly 100 phishing campaigns have been tailored specifically for Canadian targets. Criminals are spoofing Canadian companies and organizations with French-language phishing lures to increase their chances of tricking employees.

Many of these campaigns deliver the banking Trojans Emotet and Ursnif. Once installed, they steal credentials and banking information and act as loaders for further malware: the banking Trojans IcedID, Trickbot and Dridex, GandCrab ransomware, and the Formbook keylogger and information stealer. Note that the Burlington fraud needed none of this; a single convincing email was enough, because the employee made the transfer.
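The Burlington email and the spoofed-vendor lures described above share a shape that can be checked mechanically before anyone changes a payee record. The following is an added example, not code from the article or from any product it mentions: a small Python triage script that flags a Reply-To that diverts replies away from the sender's domain, a sender domain that is a near-miss of an approved vendor domain, and wording that asks to change banking details. The approved-vendor list, the domains and the three sample messages are constructed for the demonstration.

```python
# Added example (not from the original article or any vendor product): a
# triage check for "please update our banking details" emails of the kind
# that cost Burlington $503K. It flags three things an AP mailbox rule or
# mail gateway can look for. The vendor list and sample messages are
# constructed for this demo; nothing here is real infrastructure.
import email
import re
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr

# Hypothetical approved vendor sender domains (constructed).
KNOWN_VENDOR_DOMAINS = {"acme-construction.ca", "northpaving.ca"}

# Wording typical of payment-diversion requests; matched against lowered text.
BANKING_CHANGE_RE = re.compile(
    r"\b(change|changed|update|updated|new)\b.{0,80}?"
    r"\b(bank|banking|account|remit|remittance|wire|wiring)\b",
    re.S,
)


def domain_of(header_value: str) -> str:
    """Return the lower-cased domain part of an address header value."""
    addr = parseaddr(header_value)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike_vendor(domain: str):
    """Return the approved vendor domain that `domain` resembles but does not equal, else None."""
    if domain in KNOWN_VENDOR_DOMAINS:
        return None
    for known in KNOWN_VENDOR_DOMAINS:
        if SequenceMatcher(None, domain, known).ratio() >= 0.85:
            return known
    return None


def triage(raw_message: str) -> list:
    """Return human-readable findings for one RFC 5322 message (empty list = nothing flagged)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_domain = domain_of(msg["From"] or "")
    reply_to = msg["Reply-To"]
    # Indicator 1: replies are steered to a domain other than the visible sender's.
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(
            f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")
    # Indicator 2: the sender domain is a near-miss of an approved vendor domain.
    like = lookalike_vendor(from_domain)
    if like:
        findings.append(f"sender domain {from_domain} resembles approved vendor {like}")
    # Indicator 3: the subject or body asks to change payment details.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = ((msg["Subject"] or "") + "\n" + body).lower()
    if BANKING_CHANGE_RE.search(text):
        findings.append("message asks to change banking or remittance details")
    return findings


def needs_callback(findings: list) -> bool:
    """Policy: every banking-change request is confirmed by phone at a number already on
    file, whether or not the sender looks suspicious; the other findings only set priority."""
    return any("banking" in f for f in findings)


# Constructed sample messages.
SPOOFED_SENDER = """\
From: Accounts Payable <ap@acme-construction.ca>
Reply-To: Accounts Payable <acme.payables@gmail.com>
To: payments@example-city.ca
Subject: Updated banking information for invoice 4471

Hi, our bank has changed. Please update our banking information on file and
remit invoice 4471 to the new account.
"""

LOOKALIKE_DOMAIN = """\
From: Accounts Payable <ap@acme-constructlon.ca>
To: payments@example-city.ca
Subject: New remittance details

Effective immediately, please send all payments to the account below.
"""

ROUTINE_INVOICE = """\
From: Accounts Payable <ap@acme-construction.ca>
To: payments@example-city.ca
Subject: Invoice 4470 - April paving

Please find attached invoice 4470 for the paving work completed in April.
Payment terms are net 30 as usual.
"""

if __name__ == "__main__":
    for name, sample in [("spoofed sender", SPOOFED_SENDER),
                         ("lookalike domain", LOOKALIKE_DOMAIN),
                         ("routine invoice", ROUTINE_INVOICE)]:
        found = triage(sample)
        print(f"{name}: callback required={needs_callback(found)}; findings={found}")
```

The routine invoice produces no findings while both fraudulent samples do. The control that matters most for the Burlington case is the one encoded in needs_callback: a banking change is verified out of band regardless of how legitimate the email looks, and the Reply-To and lookalike indicators only decide how urgently someone picks up the phone.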

Toronto IT support company Sysoft shares important lessons Canadian organizations can learn from Burlington's phishing incident:

  1. Canadian organizations must watch for more than generic phishing. Targeted lures that impersonate a real vendor or colleague, as in Burlington, are far harder to spot, and employees must be trained to recognize them.
  2. Training cannot be a one-time event. Employees must be trained regularly so that they stay alert to attackers' attempts to deceive them.
  3. The answer is New-School Security Awareness Training, which gives your staff what they need to know and, more importantly, changes their behaviour.

You Can't Depend On Old-School Security Awareness Training

Old-School Security Awareness Training, a one-off session with no follow-up, is no longer effective. Your employees are exposed to ever-changing phishing and ransomware attacks throughout the year, not just on training day.

Most Security Awareness Training consists of static tests without follow-up. To create a real change in behaviour, training has to be backed up with simulated phishing tests performed on a regular basis.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training includes pre- and post-training phishing security tests, so you can measure your phish-prone percentage (the share of employees who fall for a simulated phish) before and after training, and reporting that shows who has and hasn't completed the prescribed training.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

New-School Security Awareness Training…

  • Sends Phishing Security Tests to your employees on a regular basis.
  • Trains your users with the world's largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, plus automated training campaigns with scheduled reminder emails.
  • Phishes your users with best-in-class, fully automated simulated phishing attacks, with thousands of templates, unlimited usage and community phishing templates.
  • Offers Training Access Levels I, II and III with an "always-fresh" content library based on your subscription level: web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
  • Sends automated follow-up emails to get users to complete their training. Anyone who fails a simulated phish is automatically enrolled in follow-up training.
  • Uses Advanced Reporting to monitor your users' training progress and track your phish-prone percentage, so you can watch it fall as your employees learn what they need to know. Stats and graphs for both training and phishing are ready for your management to review.

Add New-School Security Awareness Training To Your Current Employee Training

This is what many organizations and municipalities are doing. You can upload your own compliance training and video content and manage it alongside your other employee training, all from one place: your very own Learning Management System.

Training your employees to recognize phishing protects both your organization and its money. Educate them with New-School Security Awareness Training.