Message from Dr. Mike Mahon, President and Vice-Chancellor, regarding a “Spear-Phishing” Fraud at the University of Lethbridge

This notice is from the archives of The Notice Board. Information contained in this notice was accurate at the time of publication but may no longer be so.

At the December 2016 Board of Governors meeting, a report on an investigation of an external fraud was presented to Senior Management and the Board of the University of Lethbridge. In early 2016, it was identified that the University of Lethbridge was the victim of a fraud perpetrated against it by an individual or organization believed to be located outside of Canada.  The loss from this fraud was approximately $368,000, resulting from several payments over a two-month period.

The fraud transpired when payments owing to an external vendor of the University were sent through a process of misdirection to an alternative, non-authentic bank account.  This type of fraud is commonly referred to as “Spear Phishing” and occurred when communication the University received purposely misrepresented the intentions and banking information of the legitimate vendor.

On discovery of the fraud, the University notified the Director, Internal Audit at the University, Lethbridge Police Service (LPS), Office of the Auditor General of the Province of Alberta, and the Audit Committee of the Board of Governors of the University of Lethbridge.  LPS has led an investigation into the fraud.  At this point, no criminal charges related to this fraud have been laid.

Internal Audit at the University also began a comprehensive investigation and review of all internal activity related to the fraud.  The review includes recommendations outlining additional steps the University should undertake to avoid similar frauds in the future as well as recommendations on actions the University should pursue to address the specific circumstances of the fraud that occurred.  The University will use all available means to recover these funds.

A further discovery of the investigation was that while there were internal controls in place to prevent such a fraud from occurring, those controls were not adequately followed. In response, the University of Lethbridge has implemented more robust training for staff in computer fraud prevention, is conducting an independent assessment of internal controls and procedure documents designed to prevent similar frauds, and is promoting greater awareness of different types of fraudulent activities.

The University is subjected to constant “phishing” type attacks, as are most individuals and organizations today. In addition to utilizing good judgement, we expect all members of the University community to actively screen emails, to participate in the cybersecurity training opportunities provided, and to familiarize themselves with the policies and practices meant to limit inappropriate access to systems and phishing attacks.

Dr. Mike Mahon
President and Vice-Chancellor


Contact:

Trevor Kenney | trevor.kenney@uleth.ca | 403-329-2710