Posted on

Beware of hackers, scammers, fraudsters!


The Financial Intelligence Unit (FIU) functions as a hybrid unit, exercising the functions of an enforcement and an administrative FIU.

The analytical work of the FIU involves the analysis and assessment of relevant criminal activities, such as fraud, from which trends and typologies are developed.

There has been a marked increase in fraudulent activities and, as such, we warn all persons to be vigilant in their personal and business affairs, so as not to fall prey to such criminal activities.

The advancement and proliferation of technology has made it possible for persons, far removed, operating on different continental spaces, to defraud others of their personal and corporate finances.

The fraudulent schemes include wire fraud, email fraud and online dating or romance scams, focused on both private business and public entities and individuals, respectively.

The perpetrators participate in these dishonest activities for the purpose of depriving you or your business of both tangible and intangible assets.

The fastest and most advanced means utilized by fraudsters today is the criminal offence of wire fraud (section 72(2) of the Electronic Transactions Act Cap 145). Wire fraud involves using electronic communications, e.g. email, text message, radio and television communication, telephone and the Internet.

Wire fraudsters utilize various methods to obtain your information, including, but not limited to the following:
  • Malware – This is software intended to damage computers or electronic devices
  • Phishing – Sending fraudulent emails purporting to be reputable companies to induce persons to provide their personal information
  • Social Engineering – Personal information is obtained from victims and third party agencies or persons (customer service representatives) who are tricked into facilitating wires
  • Email Compromise – Criminals obtain access to victims’ email accounts and obtain financial information. The practice of using the same or similar passwords accommodates this method
  • Vishing and Smishing – This method is used to obtain personal information through calling the victim or sending an email purportedly from a reputable company, asking the victim to verify or confirm personal information.

The cases show a growing trend that fraudsters are using information gathered from online accounts (social media) to commit fraud in other channels. The information that is usually shared on social media accounts is obtained and used to build a profile of potential victims.

The following are some means used to perpetrate wire fraud that have been identified by the FIU:

1. Compromising an online account and disabling or redirecting security alerts. New numbers or email addresses are entered, which prevent the victim from knowing that the account was compromised.

2. Compromising the victim’s account and then sending an email to the victim’s banker stating that he/she is out of State for a funeral or had a medical emergency and needs money for expenses. This particular scam depends heavily on the banks not verifying the forged signature properly.

3. Compromising an online account and thereafter engaging in live chat with a CSR, stating that he/she is having trouble with a wire transfer and then asking for help. The fraudster obtains sufficient personal information to answer the verification questions asked by the CSR.

4. Fraudster compromises a known business or state department’s admin email. He/she manipulates an ongoing wire transaction and requests the sender to divert the monies to another account at the last minute. This depends heavily on the sender not verifying the transaction before it is sent.

5. Fraudster compromises a business account and creates a new user with the authority to approve online wire requests. He/she then sends a wire request from the business account and approves the request from the new account that was created.

6. Fraudster compromises a commercial account (business that has a long relationship and regularly conducts similar transactions with bank) and sends a fake invoice from a purported supplier for payment with instructions. The fraudster depends on the relationship between the bank and its customer.

In light of the foregoing, businesses and individuals are encouraged to engage in further verification of electronic transactions. The payer and the payee should be contacted, even where there is a long-standing relationship between the bank and the payer to accommodate similar transactions. The fraudster would have compromised the victim’s account and is aware of his business relations with your financial institution. He/ she depends on you not checking or verifying the transaction. Persons are therefore advised to employ strong passwords and verification systems, such as dual control.

The FIU encourages persons and businesses to adopt strong and effective internal controls to prevent being a victim of fraud, as finding these fraudsters is akin to finding a needle in a haystack. (contributed by the Financial Intelligence Unit)