On December 2, 2019, the Organization received complaints from consumers about its checkout process. The Organization investigated and discovered that malicious code had been added to its ecommerce site (site) earlier the same day. The malicious code directed users to a spoofed webpage where they were asked to enter their payment card details in order to complete their purchases. Users who completed the payment card details page were then directed to the real webpage, where they were asked to complete the forms again. The Organization’s investigation determined that a phishing email had been sent to a small distribution list, and administrator credentials were likely obtained as a result. Seven Alberta consumers were returned from the spoofed webpage to the site and completed their payment details within the correct form. It is possible that these users provided information on the spoofed webpage.
Five Alberta users failed to return and complete the correct form on the site. These individuals may or may not have provided the same information on the spoofed webpage.
P2021-ND-077
File Type:
pdf
File Size:
614 KB
Categories:
2021