The Bermuda Police Service has issued a Fraud Advisory Press Release, warning of an increase in the number of attacks on Bermuda based businesses, by way of a scam known as the ‘Business Email Compromise’, which targets the emails of employees who perform regular wire transfers.
The scammers use tools to make a wire transfer instruction email appear as if it was initiated by the executive or accounts department, or to register a domain or email address similar to the targeted email account.
Upon successfully cloning or spoofing a genuine email address, the relevant payment officer (often at a bank) receives an authentic looking email from the executive or accounts department, authorising the immediate wire payment to be sent overseas.
The majority of the payment frauds investigated to date have involved fraudulent payments sent to China and Hong Kong.
Recent statistics released by the Federal Bureau of Investigation (FBI) suggest that the scam has to date resulted in estimated global losses of $3.1 billion to businesses, many of whom may also be susceptible to malware and ransomware. (Source: https://www.ic3.gov/media/2016/160614.aspx)
Detective Chief Inspector Nicholas Pedro of the Bermuda Police Service’s Organised and Economic Crime Department has said:
“Bermuda has already seen a number of local businesses having encountered the ‘Business Email Compromise’ scam, some of whom have experienced substantial financial loss. I would encourage local businesses to ensure that they have adequate internal processes in place and to also verify the legitimacy of all urgent overseas wire transfers prior to sending.”