Police warn companies about e-mail scam

Make text smaller Make text larger

  • An example of a generic scam e-mail (Image from the Bermuda Police Service)

    An example of a generic scam e-mail (Image from the Bermuda Police Service)


Local businesses have been conned out of more than $5 million after being targeted by an e-mail scam, the Bermuda Police Service warned tonight.

Detective Superintendent Sean Field-Lament, of the Crime Division, said police received three reports of “significant cyber-enabled fraud incidents” from local companies in the past ten days.

He added: “Two frauds resulted in the loss of $1.3 million and $4 million in separate incidents, and the third attempt at a different business was discovered before funds were actually transferred.”

Mr Field-Lament said: “I wish to raise awareness of the Bermuda business community in regards to an emerging cyber threat named ‘Business E-mail Compromise’, also called ‘CEO fraud’.”

He added: “The BPS would encourage all companies to review their business processes to guard against this type of cybercrime.”

According to police, organised crime groups use publicly available contact information to collect e-mail data of company staff.

Fraudsters then send an e-mail impersonating the executive to the accounts department employee, requesting “an urgent overseas payment to be made”.

Police said the United States Federal Bureau of Investigation reported in 2016 that BEC fraud had increased by 1,300 per cent, with a combined loss of more than $3 billion.

The BPS shared recommendations by the FBI to avoid free web-based e-mail accounts and consider extra IT and financial security procedures, including a two-step verification process.

It added: “Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchal information, and out-of-office details.

“Be suspicious of requests for secrecy or pressure to take action quickly.”

The BPS also recommended using other communication channels to verify transactions, reporting and deleting spam e-mail, using the “forward” option instead of “reply”, and creating “intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail”.

For more information, see the full press release under “Related Media”.

Information is also available on the United States Department of Justice website at https://www.justice.gov/criminal-ccips/ccips-documents-and-reports under the “Topical White Papers” publication entitled Best Practices for Victim Response and Reporting of Cyber Incidents.

You must be registered or signed-in to post comment or to vote.

Published Apr 11, 2018 at 9:15 pm (Updated Apr 11, 2018 at 9:15 pm)

Police warn companies about e-mail scam

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon

  • Take Our Poll

    Today's Obituaries