SINGAPORE: Scams involving spoofed email addresses are on the rise, the Singapore Police Force (SPF) warned on Tuesday (Sep 11).
In a news release, the police said they had received more than 200 reports about business email impersonation scams between January and July this year, an increase of 9.7 per cent from the same period last year.
The scammers got away with at least S$30 million, police said, compared to more than S$13 million for January to June 2017.
The cases usually involve businesses that have overseas dealings and use email as their main mode of communication, police said.
In many of the cases, the scammers are believed to have hacked into either the email accounts of the victims or their suppliers to monitor their email correspondence. They would look out, in particular, for correspondence relating to ongoing negotiations or discussions on sales and purchase transactions.
They would then use the supplier’s email account or a spoof account, closely resembling that of the suppliers’, to ask victims to transfer payments to a bank account controlled by the scammers.
The police cited examples of spoofed email addresses, which they said often included slight misspellings or the replacement of letters, which may not be obvious at first glance:
In order to deceive victims into thinking that the emails were genuine, the scammers may closely mimic the emails of the real suppliers. For example, they may use the same business logos, links to the company's website, or messaging format, police said.
The victims would believe they had received genuine emails from their suppliers and transfer money to the new bank accounts, only find out they had fallen prey to scammers when their suppliers informed them that they did not receive the money.
Businesses affected by such scams should contact their bank immediately to recall the funds, police said.
In the news release, SPF advised businesses to take the following preventive measures:
- Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling your business partners on trusted numbers. Previously known phone numbers should be used instead of the numbers provided in the fraudulent email.
- Educate your employees on this scam, especially those that are responsible for making fund transfers.
- Prevent your email account from being hacked by using strong passwords, changing them regularly, and enabling two-factor authentication where possible. Consider installing email protection software that can detect fraudulent emails.
- Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated. Also use the latest computer operating system and keep them updated when new patches are available.
The police added that anyone who wants to provide any information related to such crimes can call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. Those who need urgent police assistance can call 999.
Members of the public can also call the anti-scam helpline at 1800-722-6688 or visit www.scamalert.sg.