Phishing Attack Victimizes St. Catharines Hydro

St. Catharines Hydro Inc. recently held a board-of-directors meeting regarding one hack into its bank A/C that happened on December 13. The incident is under investigation by the Niagara Regional Police.

A holding organization, St. Catharines Hydro parents its subsidiary St. Catharines Hydro Generation that runs Heywood Generating Station. The owner of the organization is the City of St. Catharines, which holds shares of Horizon Utilities Corporation.

The hack caused a loss of $655,000 that was stolen out of a bank account of the organization's board. This was possible when a staff member who had access to the banking information of St. Catharines Hydro got victimized with a phishing e-mail. The electronic mail looking as a message from the banking institution of the utility asked for substantiating the bank login details of the hydro company.

Phishing refers to a practice wherein criminals dispatch one electronic mail posing as message from an authentic organization, however, connects with a fake website aimed with capturing login credentials and passwords. Within the above case, the e-mail looked as coming from St. Catharines Hydro's banking institution. The staff member inadvertently gave in the banking details that helped the phishers withdraw funds out of the account. Niagarathisweek.com posted this, December 23, 2016.

An investigation was conducted after the board sought the services of KPMG a company which renders advisory, tax and audit services. The investigation was to examine the disruption in various functioning of the utility which made the organization vulnerable.

A KPMG official said the kind of incident occurred one time or two times every month inside firms -big and small, only they weren't heard of. Breaches could result in unauthorized admission into bank accounts alternatively protected web-portals of companies. The attacks occurred more than anybody knew.

Regarding probes into phishing scams, Const. Virginia Moir of Niagara Regional Police said that when incidences as the above happened, detectives examined the inbound electronic mails' URL numbers, tracked the IP addresses from where they originated and issued warrants vis-à-vis the PCs linked with those IP addresses. In case the IP addresses were associated with PCs globally the NRP informed agencies within the places.

» SPAMfighter News - 12/29/2016