Business email scams up 9.8% in 2018

Many cases reported involved scammers deceiving victims to transfer money overseas for payments.

Reported business email scams rose 9.7% YoY to more than 200 from January to July, the Singapore Police Force (SPF) said.

The police noted that most cases involved victims that were deceived into transferring money overseas for business payments.

“The victims believed that they were paying their regular business partners, only to discover that the request for payments were not made by their business partners, and the accounts did not belong to them,” they explained.

The police believe that scammers may have hacked into the email accounts of either the suppliers or the victims in order to look into their email correspondence, specifically those relating to ongoing negotiations or discussions on sales and purchase transactions.

After which, the scammers pretend to be the supplier by using the supplier’s email account or creating a spoofed email account that closely looks like the original address of the supplier. This would be what they will use to send email instructions to the victims when asking to transfer payments to another bank account which were controlled by the scammers.

“Spoofed email addresses often include slight misspellings or replacement of letters, which may not be obvious at first glance,” the police explained.

Scammers may also mimic the e-mails of the real suppliers by using the same business logos, links to the company’s website, or messaging format. Because of this, the victims would tend to believe that they had received a genuine email from their suppliers and transfer money to the new bank account.

With this, the police urges businesses to be mindful of any new or sudden changes in payment instructions and bank accounts.

“Always verify these instructions by calling your business partners on trusted numbers,” the police said. “Previously known phone numbers should be used instead of the numbers provided in the fraudulent email.”

Furthermore, they called on firms to educate their employees regarding the scam, especially those that are responsible for making fund transfers. The agency also encouraged businesses to use strong passwords, change them regularly, and use a Two-Factor Authentication (2FA) where possible, in order to prevent hacking.

“Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated,” the police commented. “Also use the latest computer Operating System (OS) and keep them updated when new patches are available.”

Moreover, they called on affected businesses to reach out to their banks immediately to recall the funds.