BEC scammer tried to dupe government of Northwest Territories with invoice fraud

Supported By:

Net Patrol International Inc.  Data Investigation and Forensic Services
Bankruptcy and Insolvency Trustees

Yellowknife (October 27, 2020) – A BEC (Business Email Compromise) scammer attempted to dupe the Government of the Northwest Territories (GNWT) using invoice fraud. The RCMP explained that a business partner of the GNWT was the subject of a phishing attack. The scammers used the obtained information and sent the GNWT a fake invoice. The undisclosed amount was paid but the scam was soon discovered and all funds could be recovered. The RCMP is investigating the high-value fraud. So far, no charges were laid. The Mounties advise the public to verify carefully all invoices, email addresses, and web domains before making any payments.

The RCMP announced that they are investigating a Business Email Compromise (BEC) fraud using an invoice scam, according to a press release issued by the Mounties. The BEC scammer attempted to dupe the Government of the Northwest Territories (GNWT) leveraging information obtained by a phishing attack on one of the GNWT’s business partners.

GNWT government targeted with invoice fraud

Last month, the Northwest Territories RCMP Financial Crimes Unit received a complaint from the GNWT regarding invoice fraud. The RCMP investigation revealed that a vendor, who has business relations with the territory, was the subject of a phishing attack. The cybercriminal obtained a list of invoices, including an invoice addressed to the GNWT.

Leveraging the information obtained during the phishing attack, the fraudster then created a fake website and email addresses that were similar to the actual company and its employees, according to the RCMP. Thereafter, the fake company sent a false invoice matching a legitimate outstanding invoice to the GNWT but stated a different financial institution than usual. The territory paid the fake invoice. The RCMP did not disclose the amount of money that was sent, however, they are talking about ‘a high-value fraud’ in the press release.

Shortly after the money was sent to the fraudster, the GNWT identified the invoice as fraudulent and quickly reported it to the NT RCMP and their banking partners. Thanks to the quick response, the entire sum was recovered and returned to the GNWT.

The NT RCMP said that they continue their criminal investigation regarding the invoice fraud. But, no one has been charged at this time.

BEC scams

The Mounties warned the public to be vigilant and explained that BEC scammers send emails that appear to be from a recognizable institution or company such as a bank or online subscription service. However, the email is an attempt to trick the receiver into providing their personal or financial information.

‘This incident serves as a reminder to diligently check the email address and credentials of any entity requesting payment from you or your business,’ states Staff Sergeant Dean Riou of the NT RCMP Federal Investigations Unit.

How to protect yourself

The Canadian Anti-Fraud Centre (CAFC) explains that those scammers impersonate legitimate companies or another known sender such as a client or a boss by email or text message. Emails often request login credentials, personal or financial information to rectify ‘urgent problems.’

To protect yourself, the Better Business Bureau recommends not to click on links or download attachments from unknown or unsolicited emails. Check for the embedded hyperlink in the suspicious email by hovering your mouse over the link to verify the address.

Recipients of unsolicited emails are advised to have a closer look at the sender’s email address. Sometimes the fraudster will use real company names to make the invoices seem authentic, but the scammers often add an extra dash, dot, or letter to the email address of the person or company they are trying to impersonate. Furthermore, email recipients are recommended to be vigilant for emails requesting money and independently verify the source.

Read more: New year, old scams – Stay cautious about phishing scams