Business email impersonation scams on the rise, police warn


SINGAPORE: Scams involving spoofed business email addresses are on the rise, with victims being deceived into transferring money to foreign bank accounts for business payments. 

So far this year, more than 110 police reports have been made on business email impersonation scams, an increase of about 20 per cent from the same period last year, police said on Thursday (Jun 22).

However, scammers got away with less money: More than S$13 million has been lost through this type of scam so far this year, as compared to about S$15 million for the same period in 2016.

The cases usually involve businesses that have overseas dealings and use email as their main mode of communication, police said.

In many of the cases, the scammers are believed to have hacked into the email accounts of either the victims or their suppliers, to familiarise themselves with their emails.

They would then use the supplier's email account, or create a spoof account closely resembling the supplier's, and ask victims to transfer payments to a new bank account.

The police cited examples of spoofed email addresses:

[Image: Examples of spoofed email addresses cited by the Singapore Police Force.]

Scammers may also use the same business logos, links to the company's website, or messaging format to deceive victims into thinking that the emails were genuine, police said. 

RECOVERY OF FUNDS FEW AND FAR BETWEEN

The police cited a case in which a local company received an email sent on Jan 22, 2016, purportedly from its overseas business partner, with instructions to send US$56,790 to purchase equipment.

The company transferred the money as instructed, not realising the business partner’s email had been compromised.

It was only when the company discovered minor discrepancies in the sender's email addresses that it realised something was amiss.

The business partner subsequently confirmed that he had not sent the email.

In this instance, police said that the funds were recovered as the money was still in the foreign bank account it was remitted to.

However, successful recoveries are few and far between, police warned, noting that scammers usually transfer the funds out of the foreign bank accounts very quickly, making it difficult to recover the money.

Police added that businesses affected by such scams should contact their bank immediately to recall the fund transfers.

They also advised that businesses take the following preventive measures:

a. Prevent your email account from being hacked by using strong passwords, changing them regularly, and enabling two-factor authentication. Install anti-virus, anti-spyware/malware, and firewall software on your computer, and keep them updated. Also use the latest computer operating system (OS) and keep it updated when new patches are available.

b. Be mindful of any sudden changes in the payment instructions and bank accounts provided by your business partners or creditors. Call back to verify changes in payment instructions and bank accounts. Previously known phone numbers should be used instead of the numbers provided in the fraudulent email.

c. Educate your employees on this scam, especially those that are responsible for making fund transfers.

The police added that anyone who wants to provide any information related to such crimes can call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. Those who need urgent police assistance can call 999.

Members of the public can also call the anti-scam helpline at 1800-722-6688 or visit www.scamalert.sg
