URGENT FRAUD ALERT – Business Email Compromise Targeting Indigenous Organizations in Northwestern Ontario
FROM: Criminal Investigation Unit
General Headquarters – The Treaty Three Police Service is issuing this bulletin to alert First Nations governments, Indigenous health organizations, and Indigenous social services agencies in Northwestern Ontario to an active and serious fraud threat currently targeting organizations in the region.
WHAT IS HAPPENING
The Treaty Three Police Service is currently investigating two confirmed cases of Business Email Compromise (BEC) fraud occurring in the same week, in which Indigenous organizations in Northwestern Ontario were defrauded of a combined total exceeding $470,000. Both cases involved the same method of operation.
In each case:
- A legitimate invoice was received from a known vendor or service provider
- Shortly after the invoice was received, a follow-up email was sent to the organization’s accounts payable or financial staff
- The follow-up email appeared to come from the same vendor but was sent from a fraudulent email address that differed from the real vendor’s address by only one character – a difference that is easy to miss
- The fraudulent email advised that the vendor’s banking information had changed and provided new payment instructions
- Payment was made in good faith to the fraudulent account
These fraudsters are specifically targeting Indigenous organizations. They have knowledge of your vendor relationships, your invoice processes, and your accounts payable contacts. This is deliberate and organized fraud.
HOW TO PROTECT YOUR ORGANIZATION
Please share the following precautions immediately with anyone in your organization who handles payments, invoices, or vendor banking information:
- ALWAYS VERIFY BANKING CHANGES BY PHONE
If you receive an email from any vendor advising that their banking information has changed, do not act on it based on the email alone. Call the vendor directly using a phone number you already have on file – not a number provided in the email – and verbally confirm the change before making any payment.
- INSPECT EMAIL ADDRESSES CAREFULLY
Before responding to or acting on any email involving payment instructions, look carefully at the sender’s full email address. Fraudsters register domains that look almost identical to legitimate ones – for example, changing one letter, adding a hyphen, or substituting a number for a letter. If anything looks different from previous emails from the same vendor, stop and verify.
- TREAT ANY UNSOLICITED BANK CHANGE REQUEST AS SUSPICIOUS
Legitimate vendors rarely change their banking information without prior notice through multiple channels. Any email requesting a banking change should be treated as high risk until verbally confirmed.
- DO NOT USE CONTACT INFORMATION PROVIDED IN THE SUSPICIOUS EMAIL
Fraudsters often include fake phone numbers in their emails that connect to accomplices who will confirm the false banking change. Always use contact information from your own records or the vendor’s official website.
- IMPLEMENT A TWO-PERSON AUTHORIZATION POLICY
No single staff member should have the ability to update vendor banking information and process a payment without a second person reviewing and approving the change. This simple internal control can prevent significant losses.
- REPORT SUSPICIOUS EMAIL IMMEDIATELY
If anyone in your organization receives a suspicious email matching this description – even if no payment was made – please report it immediately. Near-miss reports are valuable to this investigation and meet the criminal threshold of attempted fraud.
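The email address inspection described above can also be automated in a mail filter or accounts payable workflow. The following is an added example, not part of the original bulletin: it flags sender domains that differ from a vendor domain on file by one character, a hyphen, or a digit-for-letter swap. The vendor domains and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: vendor domains already on file (not from the bulletin).
KNOWN_VENDOR_DOMAINS = {"northshore-supply.example", "lakeheadmedical.example"}

# Digit-for-letter swaps folded back to the letter they imitate.
DIGIT_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(domain):
    """Remove hyphens and undo digit swaps so disguised names compare equal."""
    return domain.replace("-", "").translate(DIGIT_LOOKALIKES)


def classify_sender(from_header, known=KNOWN_VENDOR_DOMAINS):
    """Return (verdict, matched_vendor_domain) for a From header value."""
    address = parseaddr(from_header)[1]  # use the address, not the display name
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in known:
        return ("known", domain)
    for real in sorted(known):
        if fold(domain) == fold(real) or edit_distance(domain, real) <= 1:
            return ("lookalike", real)  # hold payment and verify by phone
    return ("unknown", None)


if __name__ == "__main__":
    for header in (
        "Accounts <billing@northshore-supply.example>",   # on file
        "Accounts <billing@northshore-suply.example>",    # one letter dropped
        "AR <ar@lakehead-medical.example>",               # hyphen added
        "AR <ar@1akeheadmedica1.example>",                # digits for letters
    ):
        print(classify_sender(header), header)
```

A "known" result only means the domain matches your records; a banking change still needs to be confirmed by phone.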
IF YOU THINK YOU HAVE BEEN TARGETED
If your organization has already made a payment based on suspicious banking instructions, act immediately:
- Contact your bank or financial institution right away and ask them to recall or freeze the payment
- Do not delete any emails related to the transaction
- Contact Treaty Three Police Service immediately
Time is critical. The faster a report is made, the greater the chance of recovering funds.
Investigative Coordination
The Treaty Three Police Service has engaged the following agencies in relation to these files:
- RCMP Cyber
- FBI Legal Attaché, Ottawa
- OPP Digital Forensics
For emergencies involving immediate financial loss, contact your local police service or call 1-888-310-1122.
Please share this bulletin within your organization and affiliated organizations within your network.
Treaty Three Police Service is a self-administered policing entity under the First Nations Policing Program in Canada, responsible for full policing duties within the Treaty #3 territory.
-30-