Edmonton university recovers bulk of money lost in phishing attack

Apr 4, 2018 | 11:15 AM

EDMONTON — An Alberta university that was defrauded of $11.8 million in a so-called phishing attack says it has recovered more than 90 per cent of the funds.

Edmonton’s MacEwan University says in a release that legal proceedings to recover the stolen money have concluded and the institution has recouped $10.9 million.

The institution credits recovery of the large sum to the quick response of an internal team at the university, legal counsel in several jurisdictions, fraud units at the banks involved in the transactions and police.

The downtown Edmonton school says it has put stronger financial controls in place and is implementing IT security awareness and training programs for staff and faculty.

The scam occurred last August when a series of fraudulent emails convinced three staff members to change electronic banking information for one of the university’s vendors.

The university didn’t realize what had happened until days later when the vendor — Clark Builders — called asking to be paid.

MacEwan spokesman David Beharry said at the time that most of the missing money — $11.4 million — was traced to a bank account in Montreal and to two accounts in Hong Kong.

He said $6.3 million was seized from the Montreal account and action was taken to freeze the two Hong Kong accounts.

He also said the three employees were not high-level staffers and the university did not believe there was any collusion. He did not say if the three had been suspended or reprimanded.

“We really believe this is simply a case of human error,” he said.

The Edmonton Police Service says it has not laid any charges in the case, but the investigation remains active.

The fraud prompted Alberta Advanced Education Minister Marlin Schmidt to instruct all university board chairs in the province to review their financial controls.

MacEwan said in Wednesday’s statement that employees are now required to verify — by phone and a followup email confirmation — all changes to vendor master files. The changes are also reviewed by the employee’s supervisor, manager or director.

Supplier audit reports that have been implemented show all changes made to vendor information and are used to review and approve those changes.

As well, MacEwan is implementing mandatory training to improve employees’ understanding of social engineering attacks, phishing and other online scams.

Beharry said he has no information about any of the money that has not been recovered.

The Canadian Press