The Royal Canadian Mint fell for what's known as a "spear-phishing" scam and almost forked over an employee's paycheque to fraudsters, according to a breach report obtained through access to information.
Spear-phishing is a type of fraud which sees swindlers carefully collect information on a target in order to impersonate them. It's one of the "most common and most dangerous attack methods" and it's getting increasingly difficult to investigate, says a bulletin issued by the Canadian Anti-Fraud Centre last month.
In the Mint's case, a "malicious actor" masquerading as a former Mint employee reached out to the Crown corporation's human resources department back in February. The scam artist requested a change to a real former employee's bank account information for payroll purposes, according to a copy of the incident report obtained by CBC News through access to information.
After some back-and-forth emails, a human resources worker at the Mint — thinking they were talking to the real former employee — changed the banking information. They also gave the fraudster a pay stub, as requested.
Luckily, the receiving bank rejected the payroll deposit. The funds were returned to the Mint and the former employee lost nothing.
The surrendered pay stub, however, included the former employee's address, employee number, payroll information (including annual salary) and the last four digits of her bank account.
"It's regrettable that there was a privacy breach," said Alex Reeves, senior manager of public affairs for the Mint.
"We take this kind of thing very seriously and you can't let down your guard when it comes to preventing that sort of thing."
Significant losses are common
Jeff Thomson, a senior RCMP intelligence analyst with the Canadian Anti-Fraud Centre, said the agency is seeing a ri ..
Support the originator by clicking the read the rest link below.
