‘It’s really a coin flip’: Experts weigh in on if Sudbury will recover $1.5M lost to fraud

Supported By:

Net Patrol International Inc.  Data Investigation and Forensic Services
Bankruptcy and Insolvency Trustees

The City of Greater Sudbury is hoping to recover more than $1.5 million it lost late last year when fraudsters infiltrated the email account of the contractor handling the Lorraine Street development – but experts say getting money back after a fraud, isn’t that easy.

“It really is a coin flip whether you’re able to recover or not,” said cyber security expert and technology analyst Ritesh Kotak.

Kotak told CTV News that this is not the first time a business or organization has fallen victim to what he calls “social engineering attacks” – where access is gained to information before a fraud actually occurs.

“This (case) is a very complex situation with multiple stakeholders and it’s happening more frequently,” he said.

“And it’s becoming even harder to catch the individuals that are literally weaponizing our banking systems.”

City officials said the contractor’s email account was hacked and previous email chains were used to legitimatize the request to change bank account information prior to staff sending payment for work done.

The Canadian Anti-Fraud Centre (CAFC) said this kind of attack is called spear phishing.

“Fraudsters, in a lot of cases, will set up a rule if they have infiltrated the network where incoming emails to that account go to an alternate email and the supplier wouldn’t necessarily see the communication going back and forth because the emails are getting redirected to an alternate email,” said Jeff Horncastle, a client and communications outreach officer with the CAFC.

This article was originally sourced from www.CTVNews.ca