Protect Your Data, Protect Yourself

 

Cybercrime is a serious threat to your business. Be vigilant, recognise the prevalent types, and protect yourself from becoming the next victim.

Common Cyber Crime Cases

1. Business Email Compromise (BEC) Fraud

Business Email Compromise (BEC) is a scheme targeting businesses with multiple suppliers and/or partners that regularly carry out payment of transactions through email. It occurs when fraudsters impersonate your suppliers, business partners, or senior management with aim to change their bank account details and ultimately divert the fund to a fraudulent account.

Common scenarios used on BEC schemes are as follows:

• Fraudsters pretend to be a supplier or business partner and inform company to send future payments to a new account number and location.
• Fraudsters pretend to be a customer of the bank and send fraudulent wire transfer instructions to the bank.
• Fraudsters impersonate a company executive, namely CEO or CFO, and instruct staff in charge to execute wire transfer on behalf of the company. This scenario is also well-known as CEO Fraud.
• Fraudsters impersonate real estate service agents to send fraudulent payment instructions and divert down payments or other related funds into their criminal-controlled account.

 

Red Flags of BEC Fraud

• Suspicious transaction pattern such as sudden request to change beneficiary account information.
• Transaction instructions originate from an email address closely similar to the legitimate account, only the wording slightly altered. For example:

 

Legitimate Address	Fraudulent Address
[email protected]	[email protected]   [email protected]   [email protected]   [email protected]

 

• Email transaction instructions are typically assigned as “Urgent”, “Secret’, or “Confidential”. In some cases, the email sender may emphasize urgency or confidentiality throughout the correspondences.
• Fraudsters are commonly known to have bad spelling and grammar. Suspicion shall arise, especially when suppliers or business partners are native speakers.
• The beneficiary account is located in high-risk jurisdiction countries.
• Fraudsters send forged documents or invoices that have been modified to divert the fund to their criminal-controlled account.

 

2. Phishing

Phishing occurs when a criminal sends email pretending to be from reputable companies or well-known organizations in order to induce recipients to expose their personal information such as account login details, passwords, account and credit card numbers. Phishing emails usually direct recipients to a look-alike website which will enable criminals to capture our sensitive information.

3. Spoofing

Spoofing is when a criminal impersonates other user or device or network which aims to steal sensitive information, spread malware, and/or bypass access controls. Spoofing can apply to emails, phone calls, and websites. It may even be more technical, such as through spoofing of IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

4. Vishing

Vishing is an attack that uses phone calls pretending to be from reputable companies or well-known organization in order to induce individuals to expose their personal information. Vishing works in similar manner to phishing, but instead of using email, it is carried out by voice technology such as landline or cellular phones.

5. Malware

Malware or malicious software is computer programs designed to disrupt, damage, or gain unauthorized access to the computer system. Malware can take shapes as viruses, worms, Trojans, as well as spyware. Viruses can disrupt the function of our computers, while spyware is able to gather computer’s data even without knowledge of users.

Most common ways of malware can spread to our PC are through spam emails, infected removable storage media, compromised websites (hacked or spoofed), and bundled with other software.

 

Tips for Cybercrime Protection

 

1. Understand the habit of your suppliers/business partners and beware of sudden changes

Get to know the pattern of your suppliers/business partners, including their typical transactions, reasons, periods, account details, and payment amounts. Be suspicious when you find any significant deviation from those patterns.

 

2. Validate suspicious emails and/or calls

Be suspicious when receiving unusual requests asking for a change of beneficiary account details or instructing urgent payment. Conduct validation of such request using different means of communication. For example, make a callback directly to the previously registered number.

 

3. Use "Forward" instead of "Reply" option to respond e-mails

When you cannot validate emails through different means, always use “Forward” button to reply your email. Using this function forces you to retype the legitimate email address or select it from previously registered address book.

 

4. Keep your anti-virus and anti-malwares up-to-date

Protect your computer from viruses, worms, Trojans, and/or spyware by installing anti-malware software. More importantly, keep the software up-to-date at all times to maintain its effectiveness.

 

5. Always use strong password and frequently change them

Protect your accounts and documents using strong password combination and change them periodically. Set reminder to frequently change your passwords, if necessary.

 

6. Browse the internet safely

Avoid visiting websites with suspicious content and be mindful of information you input on the internet. Stay away from downloading documents from untrusted sources to avoid malware infections.

 

7. Do not use public devices or free Wi-Fi to access office emails

Make sure that you access office emails and company information in safe and secured environment.