Take precautionary steps to protect your CWL account when making financial transactions

Last updated: November 21, 2024
UBC staff in board meeting

Cybercriminals are in full force attempting to leverage compromised CWL logins and accounts.

A consistent tactic used by bad actors is attempting to exploit those engaged in financial transactions on behalf of the university.

Breakdown of Typical Behaviour That We Have Seen:

  • A compromised account is used to initiate a purchase with a known supplier or vendor
  • The criminals obtain contact information for someone who works/worked for the supplier or vendor
  • Criminals then issue a fake purchase order and request to have the goods delivered to a separate location
  • Email inbox rules are created by the criminal, redirecting messages to and from the supplier or vendor to the criminal
  • The funds are transferred and payment is made to the criminal
  • The purchased goods and/or services never arrive

Steps to Mitigate the Risk Associated with Business Transactions

  1. Contact your supplier and ask them to put a note on your account stating that every time they receive a purchase order from you with a value greater than $50,000, they must validate the order with you before processing.
  2. Encourage your supplier to carefully review purchase orders from you for missing elements typically included to properly complete your order. 
  3. Use a procurement management system. This will reduce the number of manually generated purchase orders, reducing the risk of a purchase order being intercepted, manipulated or submitted fraudulently.
  4. Frequently monitor your email account for the creation of any unusual forwarding rules
  5. Ensure you are signed up for multi-factor authentication

Remember, if you receive an email that seems suspicious in any way, please immediately forward the email as an attachment to the UBC Information Security office at: security@ubc.ca

Fast reporting from members of the UBC community has helped save many accounts from potential privacy breaches.


Go Further...


  • News

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning