Take precautionary steps to protect your CWL account when making financial transactions

Take precautionary steps to protect your CWL account when making financial transactions

April 13, 2023

Cybercriminals are in full force attempting to leverage compromised CWL logins and accounts.

A consistent tactic used by bad actors is attempting to exploit those engaged in financial transactions on behalf of the university.

Here is a breakdown of typical behavior that we have seen:

  • A compromised account is used to initiate a purchase with a known supplier or vendor
  • The criminals obtain contact information for someone that works/worked for the supplier or vendor
  • Criminals then issue a fake purchase order and request to have the goods delivered to a separate location
  • Email inbox rules are created by the criminal, redirecting messages to and from the supplier or vendor to the criminal
  • The funds are transferred and payment is made to the criminal
  • The purchased goods and/or services never arrive


Together we can successfully combat this criminal activity. There are several steps that we recommend taking to mitigate the risk associated with business transactions between you and your department and legitimate suppliers or vendors.

  1. Contact your supplier and ask them to put a note on your account stating that every time they receive a purchase order from you with a value greater than $50,000, they must validate the order with you before processing.
  2. Encourage your supplier to carefully review purchase orders from you for missing elements typically included to properly complete your order. 
  3. Use a procurement management system. This will reduce the number of manually generated purchase orders, reducing the risk of a purchase order being intercepted, manipulated or submitted fraudulently.
  4. Frequently monitor your email account for the creation of any unusual forwarding rules
  5. Ensure you are signed up for multifactor authentication using Enhanced CWL

 In addition to these steps, please review our educational material on the Privacy Matters website regarding how to recognize phishing emails. Remember, if you receive an email that seems suspicious in any way, please immediately forward the email as an attachment to the UBC Information Security office at: security@ubc.ca

Fast reporting from members of the UBC community has helped save many accounts from potential privacy breaches.