More than 200 reports of business e-mail impersonation scams in 2018: Police

The police believe that the scammers may have hacked into the e-mail accounts of the victims or their suppliers to monitor the e-mail correspondence between both parties.
The police believe that the scammers may have hacked into the e-mail accounts of the victims or their suppliers to monitor the e-mail correspondence between both parties.PHOTO: ST FILE

SINGAPORE - More than 200 reports on business e-mail impersonation scams have been made between January and July this year, said the police in a statement on Tuesday (Sept 11).

This is an increase of 9.7 per cent compared with the number of reports made over the same period last year.

According to the police, such scams typically target businesses with overseas dealings that use e-mail as their main mode of communication.

The police believe that the scammers may have hacked into the e-mail accounts of the victims or their suppliers to monitor the e-mail correspondence between both parties.

The scammers would look out for any ongoing negotiations or discussions on sales and purchase transactions, so as to impersonate the supplier.

Using the supplier's e-mail account or a spoofed e-mail account that closely resembles that of the supplier, the scammers would then request for business payments to be made to a bank account they controlled.

Victims of such scams were often deceived into transferring the money, believing that the payments were being made to their regular business partners.

 
 
 
 

The victims would realise they had fallen prey to the scam only when their suppliers informed them that they did not receive the money.

Spoofed e-mail addresses often include slight misspellings or replacement of letters which may not be obvious at first glance, warned the police in their statement.

For example, "I23@gmail.com" instead of "123@gmail.com", and "lisa@faber-cn.com" instead of "lisa@faber.com.cn".

In some cases, the scammers may also closely mimic the e-mails of the real suppliers by using the same business logos, links to the company's website or messaging format.

Last month, a fake e-mail was sent to former minister of state Teo Ser Luck, claiming to be from Speaker of Parliament Tan Chuan-Jin.

The fake e-mail had been a case of someone spoofing Mr Tan's name using another e-mail address.

The police advise that businesses adopt the following preventive measures:

- Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling your business partners on trusted numbers. Previously known phone numbers should be used instead of the numbers provided in the fraudulent e-mail.

- Educate your employees on this scam, especially those who are responsible for making fund transfers.

- Prevent your e-mail account from being hacked by using strong passwords, changing them regularly and enabling two-factor authentication (2FA) where possible. Consider installing e-mail protection software that can detect fraudulent e-mails.

- Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated. Also use the latest computer Operating System (OS) and keep them updated when new patches are available.

Businesses that have been affected by this scam should call their banks immediately to recall the funds.

To seek scam-related advice, you may call the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg.