Woman has $4,000 stolen from Butterfield account in e-mail scam
Scale of cyber scams hard to estimate
It is impossible to estimate how many Bermudians have been victimised by cyber scams or how much money has been stolen because people are too ashamed to admit they were duped.
This is the message that the Department of Consumer Affairs conveyed in response to the growing concern over locals being targeted by fraudulent phishing scams, adding that the bogus e-mail targeting Butterfield Bank customers has been rapidly making the rounds in Bermuda.
It is difficult for the Department of Consumer Affairs to accurately determine how many people have been victims of financial scams because most victims of scams are embarrassed about it and they dont want people to know, said Honey Adams, education officer of Consumer Affairs.
Since Bermudas economy began feeling the affects of the global recession, Consumer Affairs has seen an increase of victims duped by cyber scams and fraudulent multi-level pyramid schemes.
Scams are a growing problem, and while most local residents have gotten smarter about recognising scams and protecting themselves, scammers are getting very clever and as a result are still managing to successfully scam unsuspecting people, said Ms Adams.
She added that the best protection against cyber thieves is knowledge.
Be prepared to be targeted by scammers and have a plan to protect yourself. A savvy consumer is our best protection against scams, she said.
In October 2011, the BPS Financial Crime Unit created an e-mail for the public to report suspected scam e-mails (fraud2[AT]bps.bm).
Have you been a victim of a cyber scam? Contact business[AT]rg.bm.
A long-time Butterfield Bank customer says she had $4,000 stolen from her account after falling victim to cyber crime.
Though she eventually managed to get the money returned, Ms Phillips, who has asked that we do not use her first name, said $4,000 was taken out of her account when she answered an e-mail last week asking her to update her online account. She says she thought the e-mail was Butterfield, her bank of 24 years.
I immediately felt uncomfortable and knew I had made a grave mistake, said the senior accounting executive based in Hamilton.
Just minutes after the incident she found that $4,000 had been wired to a bank in South Africa from her account, with the wire transfer stating that her home address was the PO Box of Butterfield Bank.
Visibly upset, Ms Phillips ran to Butterfield Bank to plead for help.
When I got there they basically shrugged their shoulders and said you shouldnt have done that, we cant help you, she said. I felt helpless.
The staff at the bank told her they would send a SWIFT message (a means by which global banks communicate with each other) to the beneficiary bank but said they were not liable for the missing money.
Butterfields internet banking agreement states that they are not liable for losses that occur should there be a breach in the account holders security.
Not satisfied, Ms Phillips took it upon herself to find the South African bank, ABSA Bank, get up in the early hours of the morning and call as many people as she could until she reached the right person.
After several tense hours of speaking with ABSA Bank, Ms Phillips said she sent all the information needed to Butterfield so they could assist in the return of the funds.
I begged and pleaded and sent numerous e-mails to Butterfield Bank to help me but I got nothing back from them. Nothing, she said. Never was there the offer to see if the wire had gone through and if there was a way to stop it.
Of the numerous e-mails that I sent, not once did I get a response from the various persons that I contacted with the bank until the funds were credited back.
Ms Phillips said she finally got a call from her bank later that morning stating her $4,000 was credited back to her account.
Butterfield Bank, when questioned about the case, said they could not comment on the particulars of individual customers transactions.
The bank certainly isnt the only group being targeted, in fact a 2011 Norton Corp report estimated the global cost of cybercrime at $400 billion annually.
Cyber crime is a growing concern in Bermuda. Last week The Royal Gazette reported that the Bermuda Monetary Authority, Department of Consumer Affairs and the Bermuda Police Service came together to warn the public about the scams.
In response to questioning about what they are doing to stop scammers targeting their customers, a Butterfield Bank spokesperson said: When we learn of a phishing scam being perpetrated we take immediate action to have the fraudulent website disabled.
The spokesperson said the bank had issued several statements to the media warning customers of such threats.
We will NEVER request customers personal information, account data or online banking login credentials via e-mail and we will NEVER send customers links to a website asking them to update or unlock their online banking account access, the bank said in an e-mailed statement.
Ms Phillips admits that she was at fault for falling for the e-mail scam but said that further stop-gap measures should be put in place to protect customers.
I had a weak moment, I knew I was at fault but the least they could have done was answer one of my phone calls or my e-mails, she said, adding that she is in the process of moving her account to another bank. Who checks the outgoing wire information at the bank? It has to be approved by someone and my address is certainly not the PO Box of the bank. There are zero internal controls, that I have seen, to stop fraudulent transactions. Is that how you protect your clients?
According to Butterfield Bank, once they find out a customer has been a victim of online fraud, they take immediate action to contact the correspondent and/or the receiving banks to recover the funds but depending on the situation, they may not be able to intervene before the thieves disappear with the money.
As part of Butterfields online security, the bank uses a public-key encryption token, which they now have asked customers to input twice but the bank says even that isnt foolproof.
Double authentication provides an additional layer of protection in respect of wire transfers, however, where a customer has voluntarily provided his or her account credentials to a third party, it is not a guaranteed means of stopping resulting unauthorised account access, the bank said.
Some local banks have begun instituting an additional layer of protection by calling people who make wire transfers to confirm its authenticity.
In order to ensure the highest level of service, but also security, when making transfers to local or foreign banks, HSBC may, from time to time, contact clients to validate transactions after the initial request has been submitted, said a HSBC Bermuda spokesperson.
Both HSBC Bermuda and Capital G are also aware of scams circulating the Island and both have policies in place to review breaches and losses on a case-by-case basis.
We shall deal with each suspected incident of fraud on a case-by-case basis, said a Capital G spokesperson. If it is determined that you took reasonable care to protect your personal information (including PINs and passwords) and acted reasonably in protecting such information, your losses shall be returned to you in accordance with our terms and conditions.
Ms Phillips warns others that it only takes a weak moment to make a costly mistake.
I guess the moral is to never give up, she said. Yes, it probably cost me $150 in phone calls to South Africa but better that than the $4,000 that BNTB bank was not willing to help me get back.
Doctors urge health plan rethink
OBA’s $165m gamble costing Bermudians dear
Government explores blockchain bonds
Four arrests after gunfire on Court Street
Senior arrested on suspicion of DUI
Take Our Poll