Cyber Incident Victim: City of Saskatoon
Date:
Aug 2019
Location:
Canada
Summary
The City of Saskatoon fell victim to a business email compromise scam where a fraudster impersonated a construction company's Chief Financial Officer, resulting in a fraudulent wire transfer of approximately $1.04 million. Following discovery, authorities froze between 10 and 15 Canadian bank accounts containing most of the funds, recovering $40,000 initially with expectations of partial recovery; security controls for financial transactions were subsequently strengthened to mitigate future risks. The incident highlights coordinated criminal operations targeting organizational payment processes, though specific perpetrators remain unidentified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Saskatoon fell victim to a business email compromise (BEC) fraud between August 7 and 8, 2019, resulting in the unauthorized transfer of $1.04 million to a scammer impersonating the Chief Financial Officer of Allan Construction, a contractor engaged in bridge rehabilitation work. The fraudster used manipulated payment documents appearing legitimate but containing altered banking details to redirect funds to accounts under their control. City employees responsible for financial transactions processed the fraudulent wire transfer following email instructions from the impersonated executive. The incident was discovered on August 12, prompting immediate notification to law enforcement agencies and financial institutions to attempt transaction reversal and fund recovery. City Manager Jeff Jorgenson confirmed that authorities successfully traced most transferred funds to between 10 and 15 bank accounts, primarily within Canada, which were subsequently frozen through court orders.
Initial recovery efforts secured $40,000, with ongoing legal processes to reclaim remaining amounts from frozen accounts. The city acknowledged that full recovery was unlikely but expressed confidence in retrieving most funds due to the domestic location of many accounts, which prevented overseas transfers that typically complicate recovery. This incident prompted the municipal administration to implement enhanced security protocols for financial transactions to prevent recurrence. Contextual information from cybersecurity reports indicates BEC scams frequently involve organized criminal groups, with the FBI noting such fraud caused over $1.2 billion in U.S. losses during the preceding year. Parallel investigations by email security firm Agari documented BEC groups expanding from individual operators to structured criminal networks over multi-year periods, though no specific attribution was made regarding the Saskatoon attack. The city's response focused on financial recovery and procedural improvements without public disclosure of technical system details or internal disciplinary actions related to the incident.