Phishing Attack Scams Canadian University for $11.8 Million

Canada's MacEwan University is working to recover $11.8 million CAD (the equivalent of about $9.5 million USD) after a phishing attack led to a transfer of the funds to a fraudulent account. A series of e-mails appearing to be from one of the institution's vendors convinced administrators to change its electronic banking information, the university reported in a statement today.

So far, more than $11.4 million CAD has been traced to accounts in Canada and Hong Kong; the funds have been frozen and the university is pursuing legal action to recover the money, the statement said. MacEwan is also working with multiple law enforcement agencies and bank corporate security units to address the criminal aspect of the case.

The university emphasized that its IT systems are intact and that the incident will not impact academic or business operations: "There is never a good time for something like this to happen, but as our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident," said university spokesman David Beharry in the statement. "Personal and financial information, and all transactions made with the university are secure."

In addition, MacEwan is taking steps to audit its business processes and put better controls in place. A number of opportunities to identify the fraud were missed, the university admitted.

Updates will be released on the university site as they become available.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured