The rise of remote working has been exploited by scammers who have successfully skimmed $79 million from unsuspecting victims over the past 12 months by using a fraud technique called business email compromise (BEC).
So if you receive an email from a business partner asking you to change bank account details for future invoice payments, be suspicious.
The Australian Federal Police (AFP) is urging businesses and individuals to be alert to the threat of this practice, in which the victim typically believes a request is legitimate and sends funds to an account operated by the scammer.
According to the Australian Cyber Security Centre (ACSC), the fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to those of legitimate companies, typically by swapping letters or adding additional characters.
"At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal," the ACSC said in a notice last week.
The AFP explains BEC often goes unnoticed until the intended recipient of the funds enquires about the missing payment, or the victim becomes aware that the funds have been deposited incorrectly.
The AFP and its law enforcement partners formed a BEC taskforce in January 2020 to respond to the threat, coordinating a national effort to prevent BEC scams and disrupt associated cyber-criminal syndicates.
Over the past 12 months the ACSC, one of several bodies co-ordinating the taskforce, has received reports of more than 3,300 incidents of BEC through its Report Cyber portal, with nearly half of those scams resulting in financial loss.
The AFP and its taskforce partners managed to prevent $8.45 million from being lost from the community under these frauds during FY21.
In one case in September 2020, the taskforce assisted an Australian business, which was compromised when offenders who claimed to be staff sent internal invoice emails to the company's finance area, but with altered bank details.
The business processed two payments within a few days - transferring $519,545 and then $2,148,938 to a Singaporean bank account. The BEC was discovered after the second transfer. The affected business immediately reported the matter to NSW Police via Report Cyber, who then notified the AFP to intercept the transferred funds.
AFP Cybercrime Operations contacted Interpol seeking assistance to notify Singaporean authorities to place a hold on the account and this was done within a day of the second transfer.
The AFP was advised that the first fund transfer had already been extracted by the offender, but the second had been successfully intercepted by the Singapore Police Force placing the bank on alert.
As a result of the intervention and disruption activity, $2.1 million of the $2.6 million was recovered. Enquiries continue regarding the remainder of the funds and who was responsible for the crime.
AFP Commander Cybercrime Operations Chris Goldsmid said anyone can be a victim of BEC, with cyber-criminals using sophisticated techniques to trick their targets.
"Don't be embarrassed if you fall victim, report it immediately to your bank and the police to give us the best chance of recovering your money," Goldsmid said.
"If you are transferring money online do your due diligence, ensure you are comfortable that you are sending the money to the correct person and account.
"If you think an email is suspicious, make further enquiries. Call and check directly with the business or organisation you are dealing with. It is reasonable to ask questions to protect yourself or your company."