CRTC Chair’s Email Spoofed, Asks Employees to Buy iTunes Cards: Reports

Ian Scott, chairman of the Canadian Radio-television and Telecommunications Commission (CRTC), told the House of Commons Industry and Technology (INDU) committee that he was once the victim of an e-mail spoofing scam — reports The Globe and Mail.

Apparently, bad actors were able to impersonate Scott’s e-mail address an undisclosed amount of time ago. The perpetrators then sent messages to members of his staff, pretending to be him and asking them to purchase and send over thousands of dollars worth of gift cards.

“They are very quick. Some of them are very sophisticated,” he told the committee. “I have had employees with e-mails from me apparently. I don’t usually ask people to go out and buy thousands of dollars of iTunes cards.”

MPs on the INDU committee are currently carrying out an inquiry into fraudulent calls.

Scott said email spoofing is just one type of scam used by bad actors to trick Canadians into sending them money. Another time, the CRTC head said some fraudsters tried to extort funds from the organization to cover fake municipal contracts.

“CRTC staff have been targeted by phishing campaigns in the past,” a CRTC spokesperson said in an e-mail.

“However, we have since put in place safeguards that identify emails originating from outside the CRTC, upgraded our IT security tools and conducted awareness campaigns for staff. We are confident that these campaigns have not been successful at the CRTC.”

The spokesperson did not divulge specifics regarding the gift card scam, only saying that it had happened “a while ago.”

Scott said he is working with the Royal Canadian Mounted Police, the telecom industry, the Communications Security Establishment, and a number of federal institutions, including the Canada Revenue Agency (CRA), to warn Canadians about fraud.

Scammers, Scott said, “are clever and they are very quick to take advantage of public announcements.” He warned against the “opportunistic” nature of fraudsters and their penchant for using current events to prey on innocent Canadians.

For example, some scammers spun up a fraudulent campaign to grift money from Rogers customers when the telecom giant announced it would compensate customers for a nationwide network outage in July. These scammers would contact Rogers customers and ask them for small payments, pretending the payments were linked to the refunds.

Similarly, several scams joined the fray soon after the CRA announced rebates.

Even the head of the organization that regulates all telecommunications mediums in Canada isn’t safe from email spoofing and phishing campaigns. All the more reason for you to enable (at least) two-factor authentication on everything.