Spear Phishing Scam

April 8, 2026 Bennett Blackwell

OPP Warn Local Businesses of Spear Phishing Scam

8 Apr 2026

(PEMBROKE, ON) – The Upper Ottawa Valley (UOV) Detachment of the Ontario Provincial Police (OPP) is investigating a Spear Phishing fraud, also known as Business Email Compromise (BEC), that was reported on March 31, 2026. A local business reported being defrauded of $3,000 after its email was compromised, resulting in a customer sending payment to a scam artist instead of the business.

Business Email Compromise (BEC) is a targeted phishing fraud in which cybercriminals impersonate employees or trusted vendors via email to trick victims into wiring or e-transferring funds or sharing sensitive data. According to the Canadian Anti-Fraud Centre (CAFC), Canadians reported losing $67.9 million to Spear Phishing frauds in 2025.

Key Aspects of BEC Attacks:

· Targeted Impersonation: Attackers often pose as high-level executives (CEO/CFO), employees, or trusted suppliers to request urgent wire transfers or fraudulent invoice payments.

· Techniques: Criminals use email spoofing, lookalike domains, or compromised legitimate email accounts to gain trust.

· Research-Driven: Attackers often “lurk” in compromised accounts for weeks, studying communication patterns before striking.

· High Financial Impact: BEC is exceptionally costly, with many scams resulting in hundreds of thousands of dollars in losses per incident.

Common Warning Signs & Tactics:

· Urgency & Secrecy: Demands to act quickly and keep the transaction confidential.

· Unusual Requests: Changes to vendor payment details or requests for sensitive data that deviate from normal business procedures.

· “From” Address Mismatch: The display name appears correct, but the actual email address is slightly different.

Prevention and Protection Strategies:

· Verify Requests: Always verify changes in payment procedures or urgent financial requests via a different communication method, such as a phone call to a known number.

· Multi-Factor Authentication (MFA): Require MFA for all email accounts to prevent unauthorized access.

· Employee Training: Educate staff to recognize phishing scams and suspicious email patterns.

· Technical Controls: Implement email security solutions to detect spoofing and malicious links.

In case of a suspected incident, victims should immediately contact their financial institution to investigate the transfer, report it to their local police service, and report fraud and cybercrime to the Canadian Anti-Fraud Centre (CAFC).
