SINGAPORE — Since January last year, at least $987,000 has been lost to a form of e-mail scam involving the purchase of iTunes or Google Play cards.
The figure was revealed in a police news release on Monday (20 January) that warned members of the public about a variant of the “Business E-mail Compromise” scam.
Victims of the scam had responded to e-mails purportedly sent by their colleagues or employers, instructing them to buy iTunes or Google Play cards for work-related reasons such as gifts to clients. The victims were then instructed to send over the cards’ redemption codes.
“In past cases of Business E-mail Compromise scams, scammers have impersonated as CEOs, business partners, suppliers and employees of companies to request victims to transfer funds to specified accounts, claiming that the money was for business partners or salaries of other employees,” said the police.
“Unknown to the victims, these were accounts that were controlled by scammers.”
Police noted that scammers have been known to use hacked or spoofed e-mail accounts, or familiar-looking e-mail addresses to deceive their victims.
“In some instances, they would also enclose copies of the bankbook bearing the names of employees in such e-mails to make the requests seem authentic,” said the police, adding that this would lead victims to transfer money to the new bank account.
Victims would find out that they had fallen prey to a scam only when their supplier or employee informed them that they did not receive the money or when they noticed discrepancies in the given e-mail address.
Police included in their release examples of how spoofed e-mail addresses can resemble genuine ones (as seen below):
[Table from the police release, with columns "Genuine e-mail address" and "Spoofed e-mail address"]
Businesses can adopt the following preventive measures to minimise their chances of being scammed:
Be wary of new or sudden changes in payment instructions or bank accounts. When in doubt, give the e-mail sender a call using a known phone number and not one provided in a suspicious e-mail.
Take efforts to educate your employees on this scam, especially those who handle fund transfers.
Prevent your e-mail account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA). Consider using free e-mail authentication tools to help detect fraudulent e-mails.
Install anti-virus and anti-spyware/malware programs and a firewall on your computer. Also, update your operating system when new patches are made available.