RCMP Corporal Terry Sundell is spreading the word, not only about fraud prevention awareness, but those that affect businesses. He explains more scams affect individual people than those affecting businesses alone in Manitoba, but the value of loss is much greater when they succeed with a business.

"One of the ways that we have seen this happen is through business e-mail compromise," notes Sundell. "In some cases, this is just an employee working for a business who clicks on some kind of phishing link that might release some data to a scammer on the other end. Or it could simply be their username and password to their e-mail have been compromised at one point. Depending on the role of the employee that has their e-mail compromised, there are a number of things that a scammer can learn about how business operations work and how payments are made through that company."

He says this is how scammers gain intelligence on these targets and craft their scams in a very specific way to be more effective when they deploy them. Sundell adds some of the scams that they've seen have occurred by simply copying a previous invoice that was sent from a person's sent folder. He explains it's perfectly copied except for changing the account information and the business name just slightly, and then having the bank process the wire payment to the company as per the normal business practices of that company. He says the scammers learn from research how that company works with those issues.

"In cases like this, where there's a lack of a multi-factor authentication, sometimes the losses in these end up being over $100,000 and then sometimes totalling over $1,000,000," continues Sundell. "For businesses, there's a lot of educational material out there and we would encourage all businesses to make sure that they've reviewed their cyber security practices and that they educate their employees on the latest scams that are out there." 

Sundell says there's not always an entire e-mail compromise that lets fraudsters work their evil. Just a small amount of research on what types of vendors they may have, and may be in the business with, is all that it takes. 

"The scam artists often use the exact e-mail of a known vendor with the exception that it might, instead of being a '.ca' suffix, be a '.com' suffix," adds Sundell. "It might have a hyphen in it or some very small variation. People have sent emails from these companies that they know a business is doing business with, and they've just had requests for payment on invoices. Any larger scale operations where the left hand might not always talk to the right hand, we've seen businesses that have paid these invoices, only to find out later that they were completely fraudulent. The e-mail was not the exact e-mail address that they were dealing with before."


RCMP online reporting in Manitoba https://ocre-sielc.rcmp-grc.gc.ca/manitoba

Canadian Anti-Fraud Centre (CAFC) https://antifraudcentre-centreantifraude.ca (for information on what to do if you’re a victim, how to best protect yourself, general awareness of recent scams, and for online reporting of scams)

Canadian Centre for Cyber Security https://www.cyber.gc.ca (this is a great resource for individuals, businesses, and government institutions on how to best protect your information, implement best practices, and complete surveys that can help better assess your risk and vulnerabilities online)

cybertip!ca https://www.cybertip.ca (Canada’s national tipline for reporting the online sexual exploitation of children) (Sextortion and Online Sexual Violence can affect people of all ages. This website has valuable information and resources to help educate people and assist those that have been victimized)