City of Ottawa
Cybercrime in Canada – 3 min read

City of Ottawa Becomes a Victim of Cybercrime

Even the most savvy can find themselves duped. High-level executives and public officials have found themselves targeted by cybercriminals. The attackers can take multiple months or longer harvesting information about their target in order to launch an attack that doesn't raise any suspicion. The results can be crushing—both financially and personally. The sums lost can be enormousoften 6-plus figures. However, equally important are the emotional and otherwise personal damages. Discovering that you have been tricked into doing something foolish can be personally humiliating and reputationally harmful. Imagine that you are at the pinnacle of your career, highly respected by your peers, and well known in your community because of your senior public-facing position. Then one day you find out that not only have you sent an enormous sum to a fraudster, but you were also on the verge of sending a second enormous sum to the same dirty trickster. Let us tell you about the terrible, no good, very bad day of a senior executive with the City of Ottawa.

 

The Target at the City of Ottawa

 

Marion Simulik, City Treasurer for the City of Ottawa had the terrible misfortune of being targeted and tricked into sending more than $100,000 to a fraudster in the United States. More specifically, she sent US $97,797.20, which is roughly the equivalent of CAD $130,000 funds to an American cybercriminal. She did so at the request of the city manager who requested that she pay a supplier. Simulik reached out to a supplier to verify the details and over the course of a few hours they emailed back and forth. Simulik then sent what she thought was a legitimate bill at the request of her boss. Revelling in their success, the cyber bad guy reached out to Simulik a second time a few days later, pretending once again to be the city manager and requested that she pay an additional $150,000 to the same supplier. Thankfully, the second request came at a time when Simulik was with the city manager and she asked him about the payment. Once they realized the email was a phishing email (also called a whaling email when the targets are CEO or senior level public servants) the Ottawa police were contacted.

In a fortunate turn of events, the fraudsters transferred the original payment from one US account to a second US account and the second account was being watched by the US secret service. Within a month, the US authorities reached out to the City of Ottawa to inform them that they were victims of cybercrime (which they already knew). Given that the second account was being monitored, there is a good chance that the City of Ottawa will get some of their money back.

By all accounts, Simulik is a responsible and well-respected steward of finances for the City of Ottawa and was terribly embarrassed by the incident. She gave a statement to city council in which she said: "That I should be the target and victim of this sophisticated attack has affected me deeply both professionally and personally." Indeed, she was an unwitting victim targeted by cybercriminals in a sophisticated plan and if it could happen to her, it could happen to anyone.

 

That I should be the target and victim of this sophisticated attack has affected me deeply both professionally and personally.

 

New City of Ottawa Cybersecurity Measures

 

The City of Ottawa, once becoming aware of how sophisticated and insidious these attacks can be, took steps to protect themselves from future cyber scams. Steps taken to avoid such phishing scams include:

 

  1. Automatic warnings when emails come from an external source
  2. No employee now has the ability to both create and approve a wire transfer
  3. City of Ottawa is also working on a mandatory cyber-awareness training for city staff



If you're interested in reading more about the City of Ottawa phishing attack, CBC and The Ottawa Citizen covered the story.

 

The best defence against phishing attacks is ongoing education through security awareness training. To book a cybersecurity session for your team, get in touch with CITI.

 

 

Learn about your IT security. Register for a free cybersecurity consultation.  Book Now Considering moving to the cloud? Find out if the cloud is right for your  company.Book Now
Guide to Email Security from our Practice Safe Cyber Series Download Your Poster
Global Toronto and CreateTO City of Toronto Agencies Case Study
Learn about your IT security. Register for a free cybersecurity consultation.  Book Now
Guide to Ransomware Attacks in Canada
Considering moving to the cloud? Find out if the cloud is right for your  company.Book Now
New IT Infrastructure Transforms Organization. KCI Ketchum Canada
Engage our services and get 10 hours free. It's easy to work with CITI. Become  a client.Book Appointment

IT Insights from our Blog

Read more

We're here to help!

Moving to the Cloud
Cybersecurity

Is your management team asking about your IT security policies and practices? Are you worried about a cybersecurity breach? CITI’s comprehensive IT security services provide all the information your company needs to deal with current and future security situations and concerns. Learn about your IT security. Register for a free cybersecurity session.

Managed Services

There is another way to manage your IT that doesn’t require you call your IT firm. Managed IT services offer proactive care, support, monitoring and maintenance of your computer systems for a fixed monthly fee. Process-driven, less involvement, more predictable cost. Yes, Virginia, there is a way to keep your IT running smoothly that does not require you to make a call.

Pay-As-You-Go

Are you concerned about minimizing IT maintenance costs? Perhaps you’re techno savvy. Or maybe you only need an IT firm for complex IT situations. CITI can provide exactly the volume of IT services that you want and need from network troubleshooting to helping a user with a jammed printer. Our full range of services are available on a per incident basis.

Disaster Recovery

Is the stuff of your nightmares power outages? The only way to deal with a severe interruption to business operations is to plan for it. Beginning with a disaster recovery plan through implementing and maintaining failsafe, foolproof, rock-solid offsite backups, CITI has helped 100s of companies protect their most valuable asset—their data and systems.

IT Consulting

Uncertain if your company should move to the cloud? Do you have doubts about the best way to back up your data? Looking for ways to minimize your vulnerability to IT security breaches? Perhaps you’re looking for help with your annual IT budget. CITI’s IT advisory services help businesses make informed strategic and tactical decisions on information technology.

Call Us