Singapore has seen an alarming rise in business email impersonation scams throughout 2018, with the local police force recording more than 200 reports from January to July 2018, an increase of 9.7 per cent compared to the same 2017 period.
These scams are not unique to Singapore or Asia but are of global concern.
And while there is no straightforward solution, channel partners can play a significant role in reducing such incidents.
A significant problem with security is the employees that work for the organisation, and while automating problems and implementing various security measures do have an impact, problems will still persist unless company personnel are adequately trained.
Security specialist have a role to play but government agencies need to be involved too. At a national level, teaching correct security hygiene within the national curriculum is recommended, while such issues are of national concern.
In many of these 200 reported cases, victims were deceived into transferring money overseas for business payments, believing that they were paying their regular business partners.
However, they later found out that such requests were not authorised by their business partners, and in fact, the accounts did not belong to them.
The police have concluded that the email accounts of the victims or their supplies were compromised, enabling the hacker to effectively monitor the email correspondence between both parties.
Once compromised the scammers were able to look out for email correspondence relating to ongoing negotiations or discussions on sales and purchase transactions - this would allow the scammers to pretend to be the supplier by using their email account or by creating a spoofed email account.
A telltale of a spoofed email address would often include slight misspellings or replacement of letters, which may not be obvious at first glance.
To further deceive their victims, scammers would also often use the company’s logo or links to the organisation’s website or messaging format.