The City of Greater Sudbury is hoping to recover more than $1.5 million it lost late last year when fraudsters infiltrated the email account of the contractor handling the Lorraine Street development – but experts say getting money back after a fraud, isn’t that easy.
“It really is a coin flip whether you’re able to recover or not,” said cyber security expert and technology analyst Ritesh Kotak.
Kotak told CTV News that this is not the first time a business or organization has fallen victim to what he calls “social engineering attacks” – where access is gained to information before a fraud actually occurs.
“This (case) is a very complex situation with multiple stakeholders and it’s happening more frequently,” he said.
“And it’s becoming even harder to catch the individuals that are literally weaponizing our banking systems.”
City officials said the contractor’s email account was hacked and previous email chains were used to legitimatize the request to change bank account information prior to staff sending payment for work done.
“Fraudsters, in a lot of cases, will set up a rule if they have infiltrated the network where incoming emails to that account go to an alternate email and the supplier wouldn’t necessarily see the communication going back and forth because the emails are getting redirected to an alternate email,” said Jeff Horncastle, a client and communications outreach officer with the CAFC.
This article was originally sourced from www.CTVNews.ca