Police Advisory: Business Email Impersonation Scam
Between January and July 2018, the Police received more than 200 reports of business email impersonation scams. This is an increase of 9.7% compared with the same period last year. In these cases, the victims were deceived into transferring money overseas for business payments. The victims believed that they were paying their regular business partners, only to discover that the requests for payment were not made by their business partners, and the accounts did not belong to them.
Such cases usually involve businesses that have overseas dealings and use email as their main mode of communication. The Police believe that the scammers may have hacked into the email accounts of either the victims or their suppliers to monitor the email correspondence between both parties. The scammers would look out for email correspondence relating to ongoing negotiations or discussions on sales and purchase transactions.
The scammers would then pretend to be the supplier by using the supplier’s email account or creating a spoofed email account (which closely resembles the supplier’s) to send email instructions to the victims, asking them to transfer payments to another bank account which was controlled by the scammers.
Spoofed email addresses often include slight misspellings or replacement of letters, which may not be obvious at first glance. These are some examples:
In order to deceive the victims, the scammers may also closely mimic the emails of the real suppliers, for instance, by using the same business logos, links to the company’s website, or messaging format. The victims would believe that they had received a genuine email from their suppliers and transfer money to the new bank account. The victims would only find out that they had fallen prey to the scam when their supplier informed them subsequently that they did not receive the money.
Businesses are advised to adopt the following preventive measures:
Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling your business partners on trusted numbers. Previously known phone numbers should be used instead of the numbers provided in the fraudulent email.
Educate your employees on this scam, especially those who are responsible for making fund transfers.
Prevent your email account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA) where possible. Consider installing email protection software that can detect fraudulent emails.
Install anti-virus, anti-spyware/malware, and firewall software on your computer, and keep them updated. Also use the latest computer Operating System (OS) and keep it updated when new patches are available.
If your business has been affected by this scam, call your bank immediately to recall the funds.
If you wish to provide any information related to such scams, please call the Police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. If you require urgent Police assistance, please dial ‘999’.
To seek scam-related advice, you may call the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg. Help spread the word and share this advisory with your employees and business partners to prevent them from becoming the next victims of this scam.
Source: Singapore Police Force