P2022-ND-011

AMA Agencies Ltd. o/a AMA Insurance Agency

On April 2, 2021, two employees with the Organization were subject of a phishing attack. The employees received an email from a threat actor impersonating one of the Organization?s vendors, Premier Marine (Premier Group). The email was sent by (staff name)@PrennierGroup.com (the correct domain name of the vendor is premiergroup.com). The staff at Premier Group is a regular contact at Premier Group that handles issues related to account payment discrepancies. The email requested the Organization switch from physical cheque payments to electronic fund transfer (EFT) to address outstanding invoices. The email also asked for an update on the status of payments of outstanding invoices. Both employees separately replied by email to the threat actor that the Organization had already set up EFT payments with Premier Group. The employees sent documents containing the personal information of customers to the threat actor to substantiate that all invoices had been paid. The Organization reported that ?Not all customer information were individuals, as some information pertained to corporate clients?. On May 4, 2021, the employees noticed the misspelled domain and reported the threat. Premier Marine subsequently indicated that the email account (staff name)@premierroup.com “has been compromised”, which would be why the phishing attack appeared credible.

File Type: pdf
Categories: 2022
Tags: Unauthorized access