What is a vendor impersonation scam?

A vendor impersonation scam occurs when criminals pose as an existing supplier and request a bank account change, often via spoofed email and realistic invoices. If staff update the details without independent verification, payments are redirected to the fraudster. Callbacks to known numbers and dual approvals can block this attack.

Could the lost TDSB funds be recovered?

Recovery depends on how quickly the fraud is detected, the payment rails used, and cooperation from banks and law enforcement. Wires and EFTs move fast, and funds can be withdrawn or layered. Immediate bank recalls, law enforcement reports, and freezing beneficiary accounts improve the odds, but recovery is uncertain.

What controls should school boards implement now?

Require two-step verification for bank changes, dual approval for changed-beneficiary payments, and a short hold before first disbursement. Use a secure supplier portal with MFA and audit logs, revalidate vendor-of-record data periodically, and train staff to spot urgency, domain spoofing, and invoice mismatches. Document every verification action.

How does this impact private vendors that sell to public bodies?

Vendors may face slower onboarding, stricter verification, and more callbacks, but these steps protect both sides. Keeping contacts current, signing up for secure portals, and confirming change requests promptly reduces friction. Clear communication and timely documentation help prevent disputes and stop redirection attempts before payments are released.

Law and Government

Public Funds Lost: TDSB $1M Payment Fraud Probe — January 02

ByHuzaifa Zahoor January 2, 2026January 2, 2026

The TDSB fraud reported on January 2 spotlights how a vendor impersonation scam can drain public funds and expose control gaps. A Toronto Star investigation says the Toronto District School Board sent C$1 million to a fraudster via a spoofed vendor request. For Canadians, this raises concerns about public sector payment fraud, procurement risk, and cyber exposure. We explain the incident, the scam model, and why accounts payable controls now require immediate upgrades across school boards, municipalities, and agencies.