The Anti-Scam Centre (“ASC”) of the Singapore Police Force, together with Citibank Singapore (“CITI”) and RHB Bank Berhad Singapore (“RHB”) had successfully foiled a business email compromise scam and recovered USD1.9 million (about SGD2.54 million).
On 18 December 2020, the Police were alerted by CITI to a suspected case of money laundering. A foreign bank had contacted CITI, requesting for an urgent recall of USD1.9 million that had been transferred into a RHB Bank Berhad Singapore bank account belonging to a foreign corporate entity. Preliminary investigations revealed that the transfer of funds was linked to an alleged business email compromise scam.
Upon the receipt of the information, the ASC swiftly froze the RHB Bank Berhad Singapore bank account. The swift action of the ASC, CITI and RHB had led to the full recovery of USD1.9 million (approximately SGD 2.54 million).
The Police’s collaboration with the banks attests to the importance of a strong partnership with community stakeholders to effectively combat scams and transnational fraud. The Police would like to commend CITI and RHB for their invaluable assistance in the recovery of the monies.
The Police would like to advise members of the public as well as business entities to be vigilant and wary of business email compromise scams. Such scams involve deceiving businesses through spoofing of company or client email addresses and making them transfer large amounts of monies into the wrong hands.
Companies should adopt the following crime prevention measures:
- Educate your staff to be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling the e-mail sender. Always use phone numbers in your record, instead of unknown numbers provided in the fraudulent email.
- Create awareness in your employees on this scam, especially those that are responsible for approving payments and making fund transfers such as making purchases or managing HR payroll. If these employees are working from home during the Circuit Breaker period, consider putting in place additional layers of checks before payments and fund transfers are made.
- Prevent your company’s generic email account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA) where possible.
- Consider installing email authentication tools such as Domain-based Message Authentication, Reporting and Conformance, DMARC (dmarc.globalcyberalliance.org), which can help detect fraudulent emails.
- Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated. You may consider installing free Domain Name System (DNS) protection services such as Quad9 (quad9.net) to protect against such attacks. Lastly, update your Operating System (OS) when new updates are made available.
You can also visit Cyber Security Agency’s GoSafeOnline website for more tips on securing your business at https://www.csa.gov.sg/gosafeonline.
If you or your business has been affected by this scam, call your bank immediately to recall the funds. If you wish to provide any information related to such scams, you may call the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg. Together, we can help stop scams and prevent our loved ones from becoming the next scam victim.
SINGAPORE POLICE FORCE
22 December 2020 @ 7:03 PM