CAMBRIDGE BAY — The ambitious development plans of the Nunavut Resources Corp. suffered a heavy blow earlier this year when its COO, Scott Northey, discovered that the organization’s bank account had been emptied of approximately $ 300,000.
For three months, emails from a hacker who had somehow acquired or mirrored Northey’s personal email address instructed the NRC accountant in Yellowknife to transfer money to various accounts.
Northey, who is based in Toronto, said he first realized something was wrong when an email requesting a money transfer ended up in his inbox.
He contacted the accountant, who had not received this email.
But he didn’t link that email to the constant emails the accountant had received and acted on until he saw the cash flow in the company’s bank account.
Emails, which appeared to be from Northey’s personal account, had asked for up to $ 25,000 per day to be forwarded to various people, as well as non-existent companies like Canadian Automotive Fabric Recycling.
In an “pouf,” the organization’s nest egg is gone, Northey said. NRC was founded in 2010 to develop resource-rich Inuit lands in the Kitikmeot region of Nunavut.
The company had a cushion: In April 2012, the NRC, owned by the Kitikmeot Inuit Association, received $ 3 million from the federal government, as well as money later received via KIA from other sources.
The realization that so much money was gone was “horrible,” said Northey, who attended the KIA’s annual general meeting in Cambridge Bay.
Only about $ 30,000 was recovered, said Northey, who called the hack “tragic.”
“It was pure fraud,” he said, adding that he spoke openly about the hack so that others could take precautions.
“Trolls are probably going to call me a knucklehead,” Northey said.
But Northey has extensive financial experience. According to an online financial profile, Northey was, from 2003 to 2008, responsible for rebuilding the infrastructure and project finance businesses at TD Securities. He was also Vice President and Director of Asset Securitization at CIBC Wood Gundy.
The RCMP and the company’s bank continue to investigate the incident and legal action is still possible, he said.
Since then, the NRC has had a new accountant and new banking methods, he said.
Internet technology advisors say that to avoid having your passwords stolen, you should:
• Never fall into the trap of e-mails asking you to verify your password.
• Make sure to sign out of your account on public computers.
• Use an email password that is difficult to guess.
• Update your online security.
• Use secure WiFi connections.
• Avoid new applications.
You can also request a two-step verification for accounts that activates if someone tries to use your sign-in information from another device.
Northey, whose email address had a complex password, said he believed the hackers had managed to send emails that appeared to be from him using a domain that mirrored his account.
On Thursday morning, NRC plans to provide an update at the KIA meeting on its activities in the development of mineral exploration and new infrastructure in the Kitikmeot region.