$987,000 lost to e-mail scams involving iTunes, Google Play gift cards since Jan 2019: police

Staff Writer
·Editorial team
Victims of the scam had responded to e-mails purportedly sent by their colleagues or employers, instructing them to buy iTunes or Google Play cards for work-related reasons such as gifts to clients. (PHOTO: Getty Images)
Victims of the scam had responded to e-mails purportedly sent by their colleagues or employers, instructing them to buy iTunes or Google Play cards for work-related reasons such as gifts to clients. (PHOTO: Getty Images)

SINGAPORE — Since January last year, at least $987,000 has been lost to a form of e-mail scam involving the purchase of iTunes or Google Play cards.

The figure was revealed in a police news release on Monday (20 January) that warned members of the public about a variant of the “Business E-mail Compromise” scam.

Victims of the scam had responded to e-mails purportedly sent by their colleagues or employers, instructing them to buy iTunes or Google Play cards for work-related reasons such as gifts to clients. The victims were then instructed to send over the cards’ redemption codes.

“In past cases of Business E-mail Compromise scams, scammers have impersonated as CEOs, business partners, suppliers and employees of companies to request victims to transfer funds to specified accounts, claiming that the money was for business partners or salaries of other employees,” said the police.

“Unknown to the victims, these were accounts that were controlled by scammers.”

Police noted that scammers have been known to use hacked or spoofed e-mail accounts, or familiar-looking e-mail addresses to deceive their victims.

“In some instances, they would also enclose copies of the bankbook bearing the names of employees in such e-mails to make the requests seem authentic,” said the police, adding that this would lead victims to transfer money to the new bank account.

Victims would find out that they had fallen prey to a scam only when their supplier or employee informed them that they did not receive the money or when they noticed discrepancies in the given e-mail address.

Police included in their release examples of how spoofed e-mail addresses can resemble genuine ones (as seen below):

Genuine e-mail address

Spoofed e-mail address

123@gmail.com

l23@gmail.com

abc@deshipping.com

abc@deshpping.com

lisa@faber.com.cn

lisa@faber-cn.com

Staying vigilant

Businesses can adopt the following preventive measures to minimise their chances of being scammed:

  • Be wary of new or sudden changes in payment instructions or bank accounts. When in doubt give the e-mail sender a call using a known phone number and not one provided in a suspicious e-mail.

  • Take efforts to educate your employees on this scam, especially those who handle fund transfers.

  • Prevent your e-mail account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA). Consider using free e-mail authentication tools to help detect fraudulent e-mails.

  • Install anti-virus, anti-spyware/malware programs and firewall your computer. Also, update your operating system when new patches are made available.

More Singapore stories:

Woman who duped then-WDA of over $160,000 in fake training claims jailed

Singaporeans must welcome new citizens, not allow others to ‘exploit’ tensions and divide us: Heng Swee Keat

COMMENT: GE 2020 is dress rehearsal for Tan Cheng Bock's party

Man on trial for scalding son to death once strangled pregnant sister, court heard

  • Up next
  • Up next
  • Up next
  • Up next