Oak Bay police are warning residents to take steps to protect themselves online after reports of a Distributed Spam Distraction attack on a municipal councillor. (File photo)

Oak Bay police are warning residents to take steps to protect themselves online after reports of a Distributed Spam Distraction attack on a municipal councillor. (File photo)

Distraction scam hits Oak Bay councillor

Distributed Spam Distraction floods email while stealing money through e-transfers

  • Sep. 12, 2018 12:00 a.m.

An Oak Bay municipal councillor is the latest victim of a scam in which a thief floods a person’s inbox with thousands of emails as a distraction tactic while money is withdrawn from the person’s bank account through online e-transfers.

The scam, called Distributed Spam Distraction (DSD), has been around for a few years, getting continuously more sophisticated. Originally, the inundating emails were copy and paste nonsensical text but heightened security and spam filters made hackers evolve, now using software to sign their targets up for thousands of newsletters and free accounts resulting in the target being swamped with legitimate confirmation emails that sneak past spam filters.

“These are extremely difficult and costly to even attempt to investigate given the complexity of tracking these individuals and the cross border/global nature of this crime,” said Oak Bay Police Deputy Chief Ray Bernoties.

The police advise residents to take extra measures to protect themselves online, though even extra caution doesn’t guarantee protection.

“I was shocked to have this happen to me as I am one of the most careful people I know when it comes to online activity,” said Hazel Braithwaite, Oak Bay councillor. “I only use my online banking for paying bills. I never click on things I shouldn’t and I am uber aware of emails coming in from people I don’t know. I don’t share my passwords or use easy ones and I have a great anti-virus on my system. So to have this happen to me was scary.”

It was on Sept.6, that Braithwaite noticed a flood of emails coming into her inbox. In less than an hour, she received almost 2,000.

“They just kept coming in and they were all looking like confirmation emails from organizations that seemed to think I had signed up for a subscription from them – whether it was a magazine, a website or an online shopping site,” said Braithwaite. “It was truly overwhelming.”

At first she thought it was just a random spam attack. With a meeting scheduled for that morning that she had to attend, Braithwaite planned to call her email provider later in the day to sort it out.

While at the meeting, she brought the experience up to someone who responded with a grave warning to her: the emails are the least of the concerns. That person had recently been the subject of a similar attack in which they received 600 emails over a very short period of time and while they were getting their IT department to look at where they were coming from, three $2,000 e-transfers came out of their bank account.

“Once I heard that, I immediately went onto my online banking and checked my chequing account to ensure nothing had been taken out. Thankfully it hadn’t. So I put alerts on all of my accounts and felt pretty smug that I had outsmarted the spammers – boy was I wrong,” said Braithwaite.

Later in the afternoon, she got a call from her credit union. They asked if Braithwaite had made two e-transfers for $4,900 each from two different accounts.

“They took the money out of accounts I don’t normally use – not my chequing account, so that is why I hadn’t noticed the withdrawals,” she said.

The 2,000 emails came in between 6:15 a.m. and 6:42 a.m. and at 6:24 a.m. the scammers made the transfers out of Braithwaite’s bank accounts.

The onslaught of emails is used to distract the target and bury legitimate emails in the event the victim is set up to receive email alerts of unusual activity in their bank accounts. The email from the bank would be lost within the barrage of emails coming into the account.

“I am thankful my credit union is so on top of fraudulent activity that they were able to catch this and refund my money right away,” said Braithwaite.

Oak Bay Police recommend not using public wifi for sensitive matters such as accessing bank accounts, not using debit cards for on-line transactions and closely monitoring bank and credit card accounts.

Other protective measures include signing up with your bank to be notified by text message when there is unusual activity in your bank accounts; investing in a shredder so as not to throw out sensitive information; monitoring your credit report at Equifax and TransUnion; changing passwords often, not only on bank accounts, but credit cards and online accounts such as PayPal as well.

“We hope people will take steps to protect their vulnerable loved ones from these scams by educating them and, in some cases, perhaps even limiting their exposure to unsolicited calls or emails,” said Bernoties.

More information about how to protect yourself from fraud can be found online at Canadian Anti-Fraud Centre.

If you have been a target of fraud, call your local police, place flags on all banks accounts, report to both credit bureaus Equifax and TransUnion, and file a report with the Canadian Anti-Fraud Centre online or by phone at 888-495-8501.


 

keri.coles@oakbaynews.comFollow us on Instagram

Like us on Facebook and follow us on Twitter.

Oak Bay News

Most Read