Police in northern Ontario are warning Indigenous businesses and organizations about sophisticated business email compromise scams after four companies lost a combined $800,000. Investigators say fraudsters impersonated trusted suppliers, contractors, and business contacts to redirect payments into fraudulent accounts.

Police services in northern Ontario are warning Indigenous organizations and businesses to strengthen their internal payment controls after four recent cyber-fraud cases resulted in more than $800,000 in combined losses.

The cases involve a form of targeted online fraud commonly known as business email compromise, or BEC. In these schemes, fraudsters impersonate trusted suppliers, contractors, or business contacts and persuade an organization to send payments to accounts controlled by criminals.

The Anishinabek Police Service said it is investigating two business email compromise cases involving Indigenous organizations, with losses totalling more than $350,000. Treaty Three Police Service reported two similar cases in its jurisdiction, with losses exceeding $470,000.

Police have not identified the affected businesses or the communities where the incidents took place.

According to investigators, the scams involved emails that appeared to come from legitimate business contacts. The messages requested updated banking information for future payments. Once the changes were accepted, payments that were meant for real suppliers or contractors were redirected into fraudulent accounts.

Business email compromise scams can be especially difficult to detect because they often blend into ordinary business operations. Fraudsters may send messages that appear to relate to real invoices, existing contracts, or ongoing payment discussions. In some cases, criminals may gain access to a legitimate email account and monitor communications for weeks before intervening at the right moment.

That timing can make the fraud appear convincing. A payment request may arrive during an active transaction, from what looks like a familiar contact, using language that matches the normal course of business. Staff may believe they are simply updating payment information or processing an invoice as expected.

The Canadian Anti-Fraud Centre has identified spear phishing and business email compromise as major sources of reported fraud losses in Canada. Spear phishing involves targeted messages designed to trick a specific person or organization, often by using familiar names, current transactions, or convincing business details.

Police say scammers may also create email addresses that closely resemble legitimate ones, sometimes changing only a single letter, punctuation mark, or domain detail. These small differences can be easy to miss during a busy workday, particularly when the message appears urgent or routine.

The recent northern Ontario cases highlight the risk facing businesses, non-profits, Indigenous organizations, and other entities that regularly process invoices, vendor payments, or banking changes by email. A single fraudulent banking update can result in significant losses before the organization realizes the money has been diverted.

Police are urging organizations to independently verify any request to change payment details. That verification should be done by phone or another trusted method using contact information already on file, rather than by replying to the email that requested the change.

Organizations are also being encouraged to use multi-factor authentication, require dual approval for payments, train staff to recognize suspicious messages, and create clear internal procedures for banking changes.

These measures are especially important where payments are large, recurring, or tied to suppliers and contractors. Fraudsters often rely on urgency, familiarity, and routine business processes to bypass scrutiny.

The warning comes as reported losses from spear phishing remain high across Canada. According to the Canadian Anti-Fraud Centre, spear phishing scams caused nearly $68 million in reported losses in 2025. More than $30 million in losses had already been reported during the first three months of 2026.

Because many fraud incidents are never reported, the true scale of the problem is likely higher.

For affected organizations, business email compromise can cause more than direct financial loss. It can disrupt operations, strain supplier relationships, and force organizations to review payment systems, cybersecurity practices, and internal controls.

Police are asking businesses and organizations to treat any request for new banking information as a high-risk event. Even when a message appears to come from a known contact, payment changes should be verified independently before funds are sent.

The post Northern Ontario Indigenous Businesses Lose $800K in Email Fraud Scams appeared first on Canadian Fraud News Inc. | Fraud related news | Fraud in Canada.

Originally published on Canadian Fraud News.