Business Email Compromise (BEC) also known as email account compromise (EAC) attacks exploit our collective reliance on email to conduct business and personal affairs. While there are many variations on this cyberattack, the most difficult to detect are situations where an attacker gains control over a supplier’s email address and uses it to request a seemingly legitimate business payment. The fraudster will request a payment be sent electronically to a new account that they control. This is what makes it so effective, because to the recipient, the compromised email is authentic since it originates from a known authority figure from a supplier. Many employees will fail to realize that it is a cyberattack.
Continue Reading Electronic Fraud: Responding to a Business Email Compromise (BEC)

On June 13, 2014, the Supreme Court of Canada delivered the landmark decision of R. v. Spencer (“Spencer“).  In this decision, Mr. Justice Thomas Cromwell, writing for the Court, set out the ground rules for police to obtain subscriber information from Internet Service Providers (“ISPs”). In doing so, the Court effectively put an end to the practice of the police informally requesting, and ISPs providing, such subscriber data without a warrant.
Continue Reading Supreme Court rules on online anonymity – Potential impact on fraud investigations?

Source: gizmodo.com

The Ontario Securities Commission (OSC) has begun discussions with legislators and law enforcement agencies in an effort to expand its powers to include wiretapping rights with respect to parties under investigation.

As the country’s largest and most influential securities regulator, the OSC’s policies and decisions impact the majority of brokerages, mutual funds, and pension funds in the country.  In recent years the OSC has placed emphasis on the need for more comprehensive anti-fraud and law enforcement strategies.
Continue Reading Provincial securities regulator seeks expanded powers to combat fraud and insider trading

Source: Thinkstock

As part of Fraud Prevention Month, the RCMP is rolling out tip sheets to help Canadians protect themselves against an ever-growing number of scams and frauds including a list of Top 10 Cyber Crime Prevention Tips.  Many of these tip sheets highlight the role of technology in fraudulent schemes and the importance of ensuring that personal information remains secure and confidential.  For example, the RCMP warns against various forms of online shopping fraud, such as where fraudsters sell products at deeply discounted prices so they can steal the personal information and payment card details of unsuspecting buyers. 
Continue Reading Cyber crime is a growing threat

Source: lawinquebec.wordpress.com

Employee surveillance is an excellent and available method by which companies can protect against fraud.  Monitoring of company-supplied hardware, software and access is perfectly legal and arguably compelling in Canada.  Many still act under the mistaken belief that when it comes to personal communications such as e-mail and social media forums such as Facebook and Twitter, anything intended as private and personal is protected.

In truth, such privacy is very limited. The legal rubric underlying such an assumption is “reasonable expectation of privacy”, an expression borrowed for global adaptation from the 4th Amendment to the US Constitution, and protected in the Canadian Charter.  Historically, personal communications and the privacy protections afforded them were sacrosanct. In addition to the medium of ‘snail mail’ being confidential in its own right—the sealed envelope—most jurisdictions honoured the British-based “Royal Mail Rule” premised upon the opening of personal mail as verboten.
Continue Reading Anti-fraud monitoring: The employer’s right of surveillance