SINGAPORE - Business owners, beware: there is an email impersonation scam going around requesting for payments to be made to different bank accounts.
Scammers modus operandi?
They would hack into either the email accounts of the victims or their suppliers to familiarise themselves with their email correspondences.
Then, they would create a spoofed email address, closely resembling that of the suppliers’, to send email with instructions to victims, asking them to transfer payments to a new bank account.
Since Jan 2017, the police said they have received more than 110 reports on business email impersonation scams. This is an increase of about 20 per cent from the same period in 2016.
The total amount lost through this type of scam in 2017 to date has exceeded $13 million, said the police in a statement on Thursday (June 22).
The police cautioned that such scams usually involve businesses with overseas dealings and use email as their main mode of communication.
In order to deceive the victims, the scammers may also closely mimic the emails of the real suppliers. For instance, they'd use the same business logos, links to the company’s website, or messaging format.
Unsuspecting victims would only realise that they've been duped after their supplier informs them subsequently that they have not received the money.
On Jan 22, 2016, a local company received an email that was purportedly sent by their overseas business partner, with instructions to make payment of US$56,790 (S$78,880) to purchase equipment.
Not realising that their business partner’s email had been compromised, they trustingly transferred the money to the foreign bank account, as instructed.
Subsequently, they suspected that their business partner’s email account was compromised when they spotted minor discrepancies in the email addresses used by the sender.
Fortunately for these folks, they were able to successfully recall the funds as they were still sitting in the foreign bank account.
Others might not be so lucky as scammers would usually transfer the money out very quickly, said the police.
Here are some tips from the police:
1. Prevent your email account from being hacked by using strong passwords, changing them regularly, and enabling two-factor authentication.
Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated.
Also use the latest computer Operating System (OS) and keep them updated when new patches are available.
2. Any sudden changes in the payment instructions and bank accounts details provided by your business partners or creditors should raise red flags.
Call back to verify the information. Previously known phone numbers should be used instead of the numbers provided in the fraudulent email.
3. Educate your employees about this scam, especially those who are in charge of making fund transfers.