Canadian Medical Association
An employee received an email request for a list of all Organization members, purportedly from a senior executive in the Organization. The email appeared to have been sent from a legitimate Organization account, but also requested that the information be sent to a Yahoo account that included the executive?s name. The Yahoo account was ?spoofed,? i.e. fraudulent. The employee responded to the request, sending the personal information to both the legitimate Organization email account and the spoofed Yahoo account.