Treaty Three Police Service is issuing an urgent fraud alert after two unnamed Indigenous organizations across Northwestern Ontario were defrauded of a combined $470,000. Business Email Compromise fraud is to blame.
T3PS says “A legitimate invoice was received from a known vendor or service provider. Shortly after the invoice was received, a follow-up email was sent to the organization’s accounts payable or financial staff. The follow-up email appeared to come from the same vendor but was sent from a fraudulent email address that differed from the real vendor’s address by only one character. The fraudulent email advised that the vendor’s banking information had changed and provided new payment instructions. Payment was made in good faith to the fraudulent account.”
The fraud is specifically targeting Indigenous organizations. The investigation is ongoing.
No businesses or areas in the Northwestern Ontario region were identified by Treaty Three Police Service.
—-
Treaty Three Police Service has provided a detailed list of precautions for organizations to follow to prevent this from happening in the future, particularly for staff who handle payments, invoices, or vendor banking information.
1. ALWAYS VERIFY BANKING CHANGES BY PHONE
If you receive an email from any vendor advising that their banking information has changed, do not act on it based on the email alone. Call the vendor directly using a phone number you already have on file – not a number provided in the email – and verbally confirm the change before making any payment.
2. INSPECT EMAIL ADDRESSES CAREFULLY
Before responding to or acting on any email involving payment instructions, look carefully at the sender’s full email address. Fraudsters register domains that look almost identical to legitimate ones – for example, changing one letter, adding a hyphen, or substituting a number for a letter. If anything looks different from previous emails from the same vendor, stop and verify.
3. TREAT ANY UNSOLICITED BANK CHANGE REQUEST AS SUSPICIOUS
Legitimate vendors rarely change their banking information without prior notice through multiple channels. Any email requesting a banking change should be treated as high risk until verbally confirmed.
4. DO NOT USE CONTACT INFORMATION PROVIDED IN THE SUSPICIOUS EMAIL
Fraudsters often include fake phone numbers in their emails that connect to accomplices who will confirm the false banking change. Always use contact information from your own records or the vendor’s official website.
5. IMPLEMENT A TWO-PERSON AUTHORIZATION POLICY
No single staff member should have the ability to update vendor banking information and process a payment without a second person reviewing and approving the change. This simple internal control can prevent significant losses.
6. REPORT SUSPICIOUS EMAIL IMMEDIATELY
If anyone in your organization receives a suspicious email matching this description – even if no payment was made – please report it immediately. Near-miss reports are valuable to this investigation and meet the criminal threshold of attempted fraud.
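The address inspection in precaution 2 can be backed by an automated check on incoming mail. The following is an added example, not part of the T3PS alert: it compares a sender's domain against a list of vendor domains already on file and flags near matches. The vendor domains, the digit-swap table and all function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: vendor domains already on file with accounts payable.
KNOWN_VENDOR_DOMAINS = {"northshore-supply.example", "lakeheadfuel.example"}

# Number-for-letter substitutions (assumed set; extend for your own vendors).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Drop hyphens and undo digit swaps so visually similar domains compare equal."""
    return domain.replace("-", "").translate(DIGIT_SWAPS)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, known=KNOWN_VENDOR_DOMAINS):
    """Return (verdict, vendor): verdict is 'known', 'lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    if "@" not in addr:
        return ("unknown", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in known:
        return ("known", domain)
    for vendor in sorted(known):
        # One character off, or identical once hyphens and digit swaps are undone.
        if edit_distance(domain, vendor) <= 1 or skeleton(domain) == skeleton(vendor):
            return ("lookalike", vendor)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From headers for demonstration.
    for header in [
        "Billing <billing@northshore-supply.example>",
        "Billing <billing@northshore-supp1y.example>",
        "Accounts <ar@lake-head-fuel.example>",
        "Accounts <ar@lakeheadfuels.example>",
    ]:
        print(header, "->", classify(header))
```

A `lookalike` result is a prompt to verify by phone using a number already on file, as precaution 1 advises; it does not replace that call.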
IF YOU THINK YOU HAVE BEEN TARGETED
If your organization has already made a payment based on suspicious banking instructions, act immediately:
· Contact your bank or financial institution right away and ask them to recall or freeze the payment
· Do not delete any emails related to the transaction
· Contact Treaty Three Police Service immediately
Time is critical. The faster a report is made, the greater the chance of recovering funds.
Investigative Coordination
The Treaty Three Police Service has engaged the following agencies in relation to these files:
· RCMP Cyber
· FBI Legal Attaché, Ottawa
· OPP Digital Forensics
For emergencies involving immediate financial loss, contact your local police service or call 1-888-310-1122.
Treaty Three Police Service is a self-administered policing entity under the First Nations Policing Program in Canada, responsible for full policing duties within the Treaty #3 territory.




