Lesson Learned from Successful Phishing of City of Ottawa’s Treasurer
It happened again...Large amounts of money transferred to a scammer that will likely never be recovered in full. This time the phishing victim was City of Ottawa Treasurer, Marian Simulik.
On July 6, 2018 she received an email that appeared to come from city Manager, Steve Kanellakos, asking her to pay a city supplier nearly $98K US.
After searching the internet for the IT supplier, she assumed the request for payment was related to the current overhaul of the ottawa.ca website. After an email communication exchange with the imposter city manager, Simulik transferred the requested amount to a U.S. bank account.
In just about four hours, Simulik was tricked into something that she later stated affected her “deeply, both professionally and personally.”
It Could Have Been Worse
The phishing scam could have been worse. In fact, in cases like these where large amounts of money are available, phishing attacks are dubbed “whaling.” Luckily when the next attempt for $150,000 came in, Simulik was sitting next to Kanellakos in person--tipping off the city to the fraudulent activity.
Simulik has surely learned her lesson about phishing attacks, but ask yourself, how many of your employees could be the next ones to take the bait? Being unprepared and vulnerable to these attacks will cost your company money, time, and reputation. It’s just a matter of when you draw the short straw.
Edgeworx recognizes the severity of danger that phishing imposes. That’s why our security team develops individualized strategies for companies that educate and test end users through automated vulnerability simulations and company tailored phishing campaigns.
Ready to stand up to fraudsters, but don’t know where to start? Read our blog, How to Get Your Company Invested in Phishing Simulations and Training Programs.