National Bank business services customers were victims of phishing campaigns during the month of September that could have caused them to lose tens of thousands of dollars. In at least one case, the amount lost was $60,000.
“A limited number of business customers have been victims of phishing campaigns,” simply stated Tuesday morning, in response to an email from Dutya spokesperson for the National Bank when questioned about alleged cases of computer transfers that occurred in September without the knowledge of some of its clients.
“Our teams are in contact with them,” added the bank, which specified that “a few dozen” customers would be affected.
“We invite our customers to be vigilant and follow good security practices, in particular by never disclosing codes, passwords or identifiers. »
The National Bank is careful not to comment beyond the comments above on the extent of the losses and the method used to try to extract their banking information or a sum of money from some of its customers.
An unexplained transfer
A National Bank client who says he lost $60,000 last month is the Montreal used electric vehicle dealer Muze. Its owner, Pascal Gosset, claims to have seen the sum taken from his company’s account on September 14. A person would have unknowingly accessed their account and made a transfer to the account of a third person at Scotiabank.
The entire transaction would have been completed in an exceptionally short time, estimates Pascal Gosset. “When you make a bank transfer, you must create a profile of the recipient with their contact details and the reason for the transfer. In this case, it was all done in a minute. It’s humanly impossible,” he says.
Another detail, Pascal Gosset says he uses a security USB key to connect to his accounts. This key generates a six-digit code that is renewed every 30 seconds. Defeating such a security device is extremely difficult for a hacker.
“$60,000 is a significant amount for my business,” laments Mr. Gosset. The bank has still not compensated him for this loss.
A worrying trend
Online phishing campaigns take many forms and can target both customers and employees of banking institutions. One thing is certain: the phenomenon is on the rise. Over the past four years, the total value of losses resulting from online fraud has tripled, reaching US$48 billion over the last year, according to specialist firm Juniper.
The increase in popularity of financial transactions over the Internet, and more particularly on mobile, would be to blame, observes Quebec computer security expert and lecturer at the University of Sherbrooke Steve Waterhouse.
“People are doing more and more transactions on their mobile devices and there is no security software on phones,” he says. “So yes, it’s getting worse and worse. »
Steve Waterhouse stresses the importance of having adequate protection against malware and spyware on all your computing devices, even if you’re using a two-factor authentication system as sophisticated as a USB security key.
“Some software monitors what people do on the keyboard or screen of their computer, and can obtain the username, password and even security code,” he says.
It is all the more important for the public to properly protect their sensitive data as the law does not require institutions to disclose when they are victims of computer attacks, recalls the expert. Federal law requires companies to report cases of data breaches only to certain government organizations, including the Canadian Security Intelligence Service.
“In the best of all worlds, this information would be public,” says Steve Waterhouse. “At the very least, Canadian institutions must continue to encourage their clients to be ever more vigilant when it comes to cyber hygiene. »