SINGAPORE: Victims have lost at least S$32 million to scammers impersonating business partners or employees, the Singapore Police Force said in a news release on Tuesday (Nov 26).
From January to September 2019, police received 276 reports of such scams, where scammers used hacked or fake email accounts to pose as business partners, requesting fund transfers from the victims.
People who followed the instructions in the emails would transfer payments to a bank account controlled by the scammers.
READ: Plump pickings for scammers? Trusting, unsuspecting Singaporeans need to raise their guard
READ: Indonesia arrests dozens of Chinese over online scam
Previous cases of such scams saw scammers impersonating CEOs, business partners or suppliers, the police noted.
“A new variant of the scam has been observed whereby scammers are impersonating as the company’s employees,” police said.
“Spoofed email addresses used by the scammers often include slight misspellings or replacement of letters, which may not be obvious at first glance,” the news release added.
Examples of spoofed email addresses.
Scammers may also closely mimic legitimate emails sent by the business they are posing as by using their logos, adding links to the company’s website and adopting the businesses’ messaging format.
“Scammers would also enclose copies of the bank book bearing the name of employees in such emails to make the requests seem authentic,” police said.
“The victims would believe that they had received a genuine email and transfer money to the new bank account.
“The victims would only find out that they had fallen prey to the scam when their supplier or employee informed them subsequently that they did not receive the money.”
MEASURES TO TAKE
Affected businesses should call their bank immediately to recall lost funds, police said.
Businesses should also put in place preventative measures like keeping track of new or sudden changes in payment instructions and bank accounts. Information should be verified by calling the email sender using previously known phone numbers, instead of ringing the numbers provided in the email.
“Educate your employees on this scam, especially those that are responsible for making fund transfers, such as purchasing or HR payroll,” police advised.
READ: S$6 million lost to phone scammers impersonating technical support staff and police
READ: Malaysia busts online scam syndicate run by Chinese nationals, nearly 700 arrested
Employees should use strong passwords that are regularly changed to prevent being hacked. Two-Factor Authentication (2FA) should be enabled wherever possible.
“Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated,” police suggested, adding that users should update their operating system whenever new security patches are made available.
