The email didn ’ t just seem innocent , it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton . It was from one of the local construction firms the public institution deals with , logo and all . There was new bank account information —could accounts payable please change it ? The staff and this supposed vendor communicated back and forth , from late June until a few weeks ago , in early August . One university employee was involved in this correspondence at first ; two more were added . Then vendor payments went through , as scheduled : $ 1.9 million from MacEwan accounts on August 10 . Another $ 22,000 were transferred seven days later . Finally , $ 9.9 million went to this new bank account on August 19 , a Saturday . Wednesday morning , for the first time in this episode , came a phone call . The Edmonton-area vendor wanted to know why it never got its payments . The massive fraud had already been perpetrated , $ 11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas , a university spokesman says . Investigators have traced $ 11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong . The school is pursuing civil legal action to recover the money . “ The status of the balance of the funds is unknown at the time , ” a MacEwan statement said about the other $ 400,000 . There ’ s likely not a person reading this online who hasn ’ t received a phishing attack Attack.Phishing , in which someone pretending to be Attack.Phishing a bank sends Attack.Phishing an email or text message , hoping to trick Attack.Phishing you into enter or re-enter account information or a credit card number . What hit MacEwan was a spear phishing attack Attack.Phishing , in which scammers impersonate Attack.Phishing a client or associate of the individual . In this case , the fraudster had cut-and-pasted the actual vendor ’ s logo , MacEwan spokesman David Beharry said . A phishing attacker will often cast several lures Attack.Phishing ; in this case , investigators said 14 different Edmonton-area construction sites or firms were impersonated Attack.Phishing as part of this attempt . The successful trick Attack.Phishing led to financial transfers equivalent to more than five per cent of the publicly funded school ’ s 2016 operating budget , according to records . This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school : last year , University of Calgary paid Attack.Ransom $ 20,000 in what ’ s known as a ransomware attack Attack.Ransom , in which cyberattackers manage to lock or encrypt network data until the victim pays up Attack.Ransom . While MacEwan is confident it can recoup the amounts already frozen , it will also incur legal fees on three continents as it tries to do so , Beharry says . Edmonton ’ s second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students , posters and all . Now , the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacks Attack.Phishing . With this ugly incident , MacEwan University becomes a cautionary tale of another sort : financial controls . These were not high-level employees ensnared by this phishing attack Attack.Phishing , the school spokesman says , though he did not identify them or clarify how the three employees were involved . From now on , one fraud and $ 11.8 million later , such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur .

Cyberthieves are increasingly targeting the malicious software , which locks all files on a targeted computer or network until the owner pays up Attack.Ransom , at smaller and arguably more vulnerable organizations . The Catholic Charities of Santa Clara County in California was a recent target . Seconds after a co-worker clicked on a malicious email attachment , “ the compressed file she had opened connected her computer with a server in the Ukraine , ” says Will Bailey , director of IT for the organization . “ It downloaded the ransomware code and began to encrypt files on her device ” . While cyberthieves ostensibly have more to gain from large organizations , experts say they see smaller organizations as lower-hanging fruit . Because a successful breach of an institution with fewer information security resources is easier to achieve and more likely to have a meaningful impact , it is also more likely to result in a payment . “ Small businesses are frequently a more appealing target for ransomware because they sit at the juncture of money and vulnerability , ” says Ryan Olson , director of the Palo Alto Networks Unit 42 cybersecurity threat intelligence team . “ They frequently have more money than individuals , but being small businesses , they lack the more sophisticated defenses that larger business have ” . “ These attackers have also learned that the most profitable method is to hit Attack.Ransom many small businesses with low ransom demands Attack.Ransom —usually $ 300 to $ 2,000 . Even small businesses can generally afford to pay those amounts ” . — Eric Hodge , director of consulting , IDT911 Consulting The stats are staggering . The frequency of ransomware attacks Attack.Ransom against organizations with fewer than 200 employees is poised to “ triple or quadruple ” from that of 2015 , according to Eric Hodge , director of consulting for IDT911 Consulting . And 60 percent of small businesses that suffer a ransomware attack Attack.Ransom are already going out of business within six months , according to the U.S. National Cyber Security Alliance . For many small businesses , if the ransom Attack.Ransom is low enough , and data backups aren ’ t available , experts say the most cost-effective response is often to pay the ransom Attack.Ransom . “ At this point , it seems to be the small companies , and individuals providing service as a company , who are in the crosshairs , ” Hodge says . “ These attackers have also learned that the most profitable method is to hit Attack.Ransom many small businesses with low ransom demands Attack.Ransom —usually $ 300 to $ 2,000 . Even small businesses can generally afford to pay those amounts ” . Ransomware reportedly has cost U.S. small to midsize businesses alone more than $ 75 billion in damages and payments , according to a September 2016 survey by data protection vendor Datto . Indeed , 31 percent of the Datto survey ’ s respondents said they had experienced multiple ransomware attacks Attack.Ransom within a single day , and a whopping 63 percent said these attacks led to downtime in their business operations , which could cost them as much as $ 8,500 per hour . And according to Symantec ’ s 2016 Internet Security Threat Report , 43 percent of last year ’ s phishing emails , the vast majority of which were laced with ransomware , targeted small businesses—up from 18 percent in 2011 . New research indicates that consumers similarly are becoming more attractive ransomware targets . According to a recent study from IBM X-Force , which surveyed 600 business professionals and 1,000 consumers , 54 percent of consumers said they would pay a ransom Attack.Ransom to retrieve their financial data , and 55 percent of parents said they would pay Attack.Ransom to have digital photos returned . With cybercriminals constantly upping their game in ransomware , small businesses and consumers have little choice but to remain vigilant and take “ simple steps ” to mitigate the risk of an attack , Palo Alto Networks ’ Olson says . In addition to keeping systems up-to-date with security updates , and taking precautions before opening attachments or clicking on links , he recommends maintaining offline backups—or cloud-based backups outside your network—to recover potentially compromised files .

A single SMS can force Samsung Galaxy devices into a crash and reboot loop , and leave the owner with no other option than to reset it to factory settings and lose all data stored on it . This is because there are certain bugs in older Samsung Galaxy phones and tablets that can be triggered via SMS , and used by attackers to force maliciously crafted configuration messages onto the users ’ device . The bugs allow these types of messages to be executed without user interaction . As the ContextIS researchers who discovered Vulnerability-related.DiscoverVulnerability the vulnerabilities explained , this avenue of attack can be abused by crooks to hold users ’ devices for ransom . “ First a ransom note is sent , if ignored then the malicious configuration message can be sent , ” they noted . If the victim pays up Attack.Ransom , a configuration message can later be sent to stop the rebooting . The vulnerabilities in question Vulnerability-related.DiscoverVulnerability , CVE-2016-7988 and CVE-2016-7989 , can be triggered through SMS on the S4 , S4 Mini , S5 and Note 4 , but not on newer Samsung devices . “ It ’ s worth noting that although newer phones such as the S6 and S7 aren ’ t affected over the air , [ a similar result ] could be accomplished by a malicious app abusing CVE-2016-7988 , ” they added Vulnerability-related.DiscoverVulnerability . These specific issues are related to modifications Samsung made to to the Android telephony framework and are found in a Samsung-specific application for handling carrier messages . “ We responsibly disclosed Vulnerability-related.DiscoverVulnerability this to Samsung who handle the patching process Vulnerability-related.PatchVulnerability with carriers . We extended our standard 90 day disclosure policy to allow Samsung time to arrange Vulnerability-related.PatchVulnerability for the patches to be made available , ” the researchers told Help Net Security . Whether all users of vulnerable devices have received Vulnerability-related.PatchVulnerability the patches is difficult to tell . “ The Android update process is a bit of a minefield and is well illustrated in this HTC diagram , ” they commented . They also noted that it ’ s possible that the same avenue of attack could be abused to target other devices – it all depends on how this same technology is handled by other vendors