
Cybercriminals are in full force attempting to leverage compromised CWL logins and accounts.
A consistent tactic used by bad actors is attempting to exploit those engaged in financial transactions on behalf of the university.
Breakdown of Typical Behaviour That We Have Seen:
- A compromised account is used to initiate a purchase with a known supplier or vendor
- The criminals obtain contact information for someone who works/worked for the supplier or vendor
- Criminals then issue a fake purchase order and request to have the goods delivered to a separate location
- Email inbox rules are created by the criminal, redirecting messages to and from the supplier or vendor to the criminal
- The funds are transferred and payment is made to the criminal
- The purchased goods and/or services never arrive
Steps to Mitigate the Risk Associated with Business Transactions
- Contact your supplier and ask them to put a note on your account stating that every time they receive a purchase order from you with a value greater than $50,000, they must validate the order with you before processing.
- Encourage your supplier to carefully review purchase orders from you for missing elements typically included to properly complete your order.
- Use a procurement management system. This will reduce the number of manually generated purchase orders, reducing the risk of a purchase order being intercepted, manipulated or submitted fraudulently.
- Frequently monitor your email account for the creation of any unusual forwarding rules
- Ensure you are signed up for multi-factor authentication
Remember, if you receive an email that seems suspicious in any way, please immediately forward the email as an attachment to the UBC Information Security office at: security@ubc.ca
Fast reporting from members of the UBC community has helped save many accounts from potential privacy breaches.