In a ceremony held at the Police Cantonment Complex today, staff from OCBC Bank's Fraud Risk Management team were commended for their efforts in preventing a business email impersonation scam involving US$205,000. Mr Francisco John Celio, OCBC Bank's Head of Corporate Security, received the appreciation plaque from Director of the Commercial Affairs Department (CAD), Mr David Chew on behalf of his team.
On 25 March 2019, a corporate service provider made a transfer of USD205,000 from her client's OCBC bank account to a Malaysian bank account after receiving a purported email instruction from her client to do so. OCBC Bank's Fraud Surveillance unit found the transaction suspicious because it did not fit the customer's usual transaction patterns and the beneficiary bank account was a new payee. As such, the bank contacted the customer to find out the purpose for the change in payment instructions. Preliminary investigations revealed that the email instruction was forged and not sent by the customer.
OCBC Bank immediately liaised with the Malaysian bank concerned and managed to recover the transferred funds on 26 March 2019.
Director CAD, Mr David Chew said, Business email impersonation scams caused the largest loss to Singapore victims in 2018. We commend OCBC Bank for their alertness and vigilance in detecting this scam and swiftly recovering the victim's funds. A strong commitment from financial institutions to detect and stop fraudulent transactions is an important weapon in our fight against business email impersonation scams. At the same time, businesses must do their part to avoid falling victim to such scams.
Businesses are advised to take note of the following crime prevention tips:
a. Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling your business partners on trusted numbers. Previously known phone numbers should be used instead of the numbers provided in the fraudulent email.
b. Educate your employees on this scam, especially those who are responsible for making fund transfers.
c. Prevent your email account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA) where possible. Consider installing email protection software that can detect fraudulent emails.
d. Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated. Also use the latest computer Operating System (OS) and keep them updated when new patches are available.
e. If your business has been affected by this scam, call your bank immediately to recall the funds.
Source: Singapore Police Force