85 000$ Stolen from our small business

A couple of weeks before Christmas, and after what we believed was a very successful year, we discovered that we had become victims of cybercrime—$85,000 was stolen from us.

Despite reaching out for help, we were turned away by the police, our bank, the scammers’ bank, the RCMP, Interac, and even the mayor. We're now left feeling hopeless, struggling to stay afloat as each day becomes more difficult.

Please keep reading below for more details.

If someone robbed you for over $85,000, you would think the authorities would do something about it in short order, right?

Well the short answer is no.

Fusion Welding & Fabrication Inc. is a small welding business that has been serving the Ottawa region since 2016. The Owner, Shea Persaud, took a leap of faith when he was just 19 years of age, starting the business with less than $6000 to his name, and transforming it into one of the most well-respected welding & fabrication firms in the region. This came with blood, sweat, tears, unbelievably long hours, and surviving through the pandemic which nearly sank operations in 2020-2021.

After 4 years of slow recovery from lost income during the pandemic, 2025 was looking promising – then the business fell victim to cyber-crime.

The price? Over $85,000 stolen.

This was all uncovered about 1 week before Christmas of 2024. As part of regular monthly operations, clients of Fusion Welding & Fabrication who had outstanding invoices were reached out to via email.

One of Fusion’s largest clients responded promptly through a phone call to the company owner, indicating that an invoice for over $67K had already been paid. This prompted Fusion representatives to comb through statements and emails. After confirming that no payment had been received, alarm bells began ringing and what was uncovered in the company email’s deleted folder was shocking – more than 20 emails sent from Fusion’s inbox to various clients.

The emails, which did not originate from any Fusion employee but came from the company email were sent to various clients with amounts owing indicating that:

1. For larger wire transfer payments, the company banking information had changed and all payments were to be sent to a new account number/institution; and,

2. For e-transfers – they could still be sent to the normal email address, however clients may notice a new bookkeeper name, “Peniel Nwaozor”, listed in the confirmation email when the funds are deposited

Evidently, a third party with mal intent had gained access to the company email account. Clients were reached out to immediately, and it was confirmed that in total, one client had sent over $67K to the “updated” banking information – a National Bank account that Fusion has no affiliation or access to, and two clients had e-transfers, worth over $18K deposited by a “Peniel Nwaozor”.

Fusion acted immediately – hiring an IT Security company to secure all online accounts. The IT Security Company was able to confirm that a hacker had gained access to the company’s outlook email, contacted clients, and set rules so that:

· Any responses from clients did not send notifications to the company owner

· All emails with the word “interac” were hidden

These rules allowed the hackers to work in the background – with full access to view when clients were being reached out to and how much they owed the business. It also allowed the hacker to log into their bank account (which was determined to be a Simplii Financial account), set the autodeposit email to Fusion’s email information, and accept the change through a confirmation email sent to fusion’s inbox – all done without even accessing the company’s online banking. This e-transfer autodeposit change was what shocked the business the most – all that was required to make it happen was access to their email – no need to confirm anything through online banking access, no multi-factor confirmation steps from interact – just a simple click of the button and any e-transfers being sent to Fusion’s email address could be auto-deposited into the hackers account.

In addition to working with an IT Security company, Fusion contacted the RCMP right away – the response was underwhelming – “Thank you for the report, this is good to know, we’ll give you a case number but you must work with your local authorities to get this resolved”.

So onwards with the police report – the local Ottawa Police Services were contacted on December 17th, 2024, and a very sympathetic, respectful and clearly thorough officer recorded the crime, developed the report and instructed the business to email their own set of details to the Ottawa Police Services filing address. She also provided a direct line to Ottawa Police Fraud Unit and suggested to call the number to follow-up in a week or two.

Weeks go by and not a word from the Ottawa Police Services – so the company called the Fraud Department and a detective answered. Seeking an update on the case, the detective responded honestly, “We have an unbelievable backlog here in the fraud department, there are over 600 cases in front of you, it will likely be 24 months before you even have your case opened, and it is highly unlikely that you will ever get your funds recovered”.

Frustrated, and with a sense of absolute let-down, the company then contacted the Mayor of Ottawa, and the Ottawa Police Services Board.

The Mayor’s Office sent the following response:

Good morning Shea,

Thank you for taking the time to write. By way of this email, I am confirming the receipt of your correspondence. I have been tasked with getting back to you on behalf of the Mayor’s office.

Our office is very sorry to hear of the recent theft your company has been subjected to. As you can appreciate, by virtue of his role as an elected official in the Province of Ontario, the Mayor is unable to direct, nor intervene in, the day-to-day operations of the City’s municipal police service. That said, I have shared your concerns with our contacts in the Office of the Police Chief, for the Ottawa Police Service’s attention moving forward. Moreover, we are also glad to see that you have shared your concerns with members of the Ottawa Police Service Board.

Thank you again for taking the time to write and, on behalf of the Mayor’s office, I wish you the best.

Sincerely,

Benjamin Poirier

Communications Officer / Agent des communications

Office of Mayor Mark Sutcliffe / Bureau du maire Mark Sutcliffe

City of Ottawa / Ville d’Ottawa

The Ottawa Police Services Board responded with the following:

Good afternoon Shea,

Thank you for reaching out to the Ottawa Police Service Board and for sharing your concerning experience. I want to acknowledge the significant impact that this crime has had on you, your business, and your livelihood. I am truly sorry for the distress and financial hardship you are facing due to this incident.

Please know that the Board takes this matter seriously. We understand that a 24-month delay before an investigation is assigned is incredibly frustrating and unacceptable for victims of financial crimes. This is why, at its April 2024 meeting, the Board inquired with the Chief of Police regarding the staffing and capacity of the Fraud Unit. The inquiry included the following questions:

What are the main causes of the 24-month delay?

Is this timeline comparable to other police services of similar size in Ontario?

Does the Ottawa Police Service have adequate staffing levels within the Fraud Unit, and if not, what plans exist to address shortages?

Are there any alternative strategies beyond staffing to mitigate existing delays?

The Chief of Police provided a verbal response at the Board’s September 23, 2024, meeting. This discussion is publicly available on YouTube, with the Fraud Unit conversation beginning at minute 56. Since then, the Board has taken steps to ensure that additional resources are allocated to the Fraud Unit in the 2025 Ottawa Police Service budget to improve investigative capacity.

Please be advised that, in our assessment, your correspondence meets the threshold to qualify as a complaint regarding the adequacy and effectiveness of policing under subsection 107(1) of the Community Safety and Policing Act, 2019. It is the Board's statutory duty to forward such complaints to the Ontario Inspector General of Policing.

The Inspector General of Policing is responsible for receiving and addressing complaints about compliance with Ontario's Community Safety and Policing Act and its associated regulations by police services, police service boards, and organizations employing special constables. This encompasses complaints regarding the provision of adequate and effective policing and the conduct of police service board members. Besides addressing public complaints, the Inspector General also accepts disclosures of misconduct from members of police services and special constables. For more information, please visitwww.IOPontario.ca.

Once again, I am sorry for your experience and the challenges it has created for your business.

If you have any further concerns or questions about the complaint process, please do not hesitate to reach out.

Sincerely,

Habib Sayah, Executive Director | Ottawa Police Service Board | [email redactado]

Telephone: (613) [teléfono redactado], x26597 | Fax: (613) [teléfono redactado] | 110 Laurier Avenue West,Ottawa, ON K1P 1J1 | www.ottawapoliceboard.ca

Clearly, this unbelievable inability for Ottawa’s Police to respond to major fraud is a known issue, and based on absolutely zero progress made since the business was stolen from over 5 months ago, the issue does not seem to be getting any better. The company is not without information either – banking details for the account where over $67K in funds were deposited, and a name and institution information for the individual who intercepted the e-transfer have been determined. It is disappointing that Police here in our city are not able to prioritize such a significant amount of theft, and at the very least work with the banks to try to determine who opened these accounts.

The banks involved have also been less than helpful:

· BMO, the institution where Fusion has a bank account was contacted, and they declined to attempt to support, indicating that due to the fact that no funds were taken out of Fusion’s bank account, there was nothing they could do. When pushed to see if they could at least contact National Bank – where the large wire transfer was sent to – they did not respond.

· National Bank – the bank where the large wire transfer was deposited was also contacted – by both Fusion and Fusion’s client. Through Fusion’s contact efforts, National Bank noted that because Fusion is not a client, they would not be able to discuss anything with them or open up a case unless BMO contacted them. National Bank did however confirm to Fusion’s client, who sent the large wire transfer to them that they would open up a case.

o After multiple attempts by Fusion to seek an update – still no response from National Bank

· Interac was also contacted – explaining the major security gap and intercepted e-transfers – no response from interac either.

At this point, the business feels as though every avenue to seek a resolution and justice leads to failure.

Months have gone by and while funds may never be recovered, justice should at the very least be attempted. Small businesses should also be aware of the potential risk of email hacking and things that can be done to prevent it – secure your accounts, update your passwords, and enable multi-factor authentication because, based on our experience, if this happens to you – you’re not going to get any support from the Police, banks or local politicians.