Cases of business e-mail impersonation scams rise as scammers take advantage of more working from home

These e-mail addresses are often simple misspellings of legitimate business e-mail addresses.
These e-mail addresses are often simple misspellings of legitimate business e-mail addresses.PHOTO: THE NEW PAPER

SINGAPORE - Scammers have been posing as business partners or supervisors to trick employees into replying to seemingly legitimate work e-mails and cheat them of money.

Often these e-mail addresses are simple misspellings of legitimate business e-mail addresses, such as missing a letter or replacing numbers with letters that look similar.

Police said on Wednesday (May 6) that in the first quarter this year, more than 100 reports of such scams were reported, with more than $9.2 million lost. This is a 30 per cent increase in cases reported, but a 28 per cent drop in the amount cheated over the same period in 2019.

The scams are pertinent over this circuit breaker period as many companies have staff working from home and may require them to process payments remotely.

The police said that scammers likely take advantage of this situation by attempting to trick more people since the working arrangements can lead to less oversight.

Police had said on Monday (May 4) that scam victims lost $41.3 million in total in the first quarter of 2020, and that e-commerce and loan scams were among most common.

In business e-mail impersonation scams, scammers use hacked or spoofed e-mail accounts pretend to be business partners, suppliers or employees when asking their victims to transfer funds to a new bank account.

In other cases, the fraudsters pretended to be the victims' supervisors asking the victims to buy iTunes or Google Play cards and to send them the redemption codes after paying for the stored value cards.

The scammers used closely mimicked e-mails with the same business logos, links to the company's website, or names of existing employees to make the e-mail requests seem authentic. The spoofed e-mail addresses used by the scammers often include slight misspellings or replacement of letters.


To avoid falling prey to these scams the police have advised putting various checks in place, including verifying requests from the senders by calling them. Workers and businesses can also install e-mail authentication tools, antivirus and antispyware software, and firewalls on computers.

Members of the public can go to Cyber Security Agency's GoSafeOnline website for more tips, and get scam-related advice via the anti-scam helpline at 1800-722- 6688 or at this website. 

People should call their bank immediately if they or their businesses have been affected by this scam, and can call 999 for urgent police assistance.

Should they wish to provide any information related to such scams, they can call 1800-255-0000, or go to this website.