BPS Online Fraud Advisory
Police warn companies about e-mail scam
Local businesses have been conned out of more than $5 million after being targeted by an e-mail scam, the Bermuda Police Service warned tonight.
Detective Superintendent Sean Field-Lament, of the Crime Division, said police received three reports of “significant cyber-enabled fraud incidents” from local companies in the past ten days.
He added: “Two frauds resulted in the loss of $1.3 million and $4 million in separate incidents, and the third attempt at a different business was discovered before funds were actually transferred.”
Mr Field-Lament said: “I wish to raise awareness of the Bermuda business community in regards to an emerging cyber threat named ‘Business E-mail Compromise’, also called ‘CEO fraud’.”
He added: “The BPS would encourage all companies to review their business processes to guard against this type of cybercrime.”
According to police, organised crime groups use publicly available contact information to collect e-mail data of company staff.
Fraudsters then send an e-mail impersonating the executive to the accounts department employee, requesting “an urgent overseas payment to be made”.
Police said the United States Federal Bureau of Investigation reported in 2016 that BEC fraud had increased by 1,300 per cent, with a combined loss of more than $3 billion.
The BPS shared recommendations by the FBI to avoid free web-based e-mail accounts and consider extra IT and financial security procedures, including a two-step verification process.
It added: “Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchal information, and out-of-office details.
“Be suspicious of requests for secrecy or pressure to take action quickly.”
The BPS also recommended using other communication channels to verify transactions, reporting and deleting spam e-mail, using the “forward” option instead of “reply”, and creating “intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail”.
For more information, see the full press release under “Related Media”.
Information is also available on the United States Department of Justice website at https://www.justice.gov/criminal-ccips/ccips-documents-and-reports under the “Topical White Papers” publication entitled Best Practices for Victim Response and Reporting of Cyber Incidents.
Cruise visitor jailed in Australia
Delight as kid-napped goats are returned
Holiday turns friends green with envy
‘Something in my life was missing’
Fairmont Southampton bans use of straws
Man denies child porn charges
Zebras dominate top awards
Dockyard to turn off lights tonight
Evans wins payout over his dismissal
Operation Ceasefire cancelled
More than half of Azura’s first phase sold
Tourists full of praise after purse returned
Moroccan-themed market launches
No jail for man who dropped son from window
Reviewer pleased with his Twizy rental
Take Our Poll