How does it work?
Example 1 (Corporate level): “Change of supplier bank details”
From stolen emails, fraudsters learned about the transactions between Company A (the seller, the consignor) and Company B (the buyer, the paying company). Later, pretending to be Company A, the fraudsters sent fictitious emails (very similar to genuine emails) to Company B, claiming that the email address and the payment-receiving bank account number had changed, and requesting Company B to credit the amount payable to the designated account. Afterwards, when contacting Company A by phone, Company B found out that it had been deceived by the fictitious emails and suffered losses both in money and business reputation.
Example 2 (Personal level): “Overseas relatives/friends need immediate money remittance”
After hacking into a personal email account, fraudsters sent deceptive emails to everyone on the account's contact list. The emails falsely claimed that the sender had encountered an accident overseas and asked the victims to transfer money urgently to accounts designated by the fraudsters. Some victims made the remittance without further verification and only realised that they had been cheated when contacting their relatives or friends.
What is our advice?
- Safeguard personal data, including personal and commercial email accounts, to prevent it from being stolen by culprits;
- Do not use computers in public places to access your personal email, use instant messaging software or e-banking, or carry out other operations involving sensitive data;
- Set proper passwords and change them regularly;
- Do not open emails of dubious origins;
- Do not download attachments of suspicious origin or nature;
- Use anti-virus software to scan for viruses before opening attachments;
- Use genuine software;
- Update software with patches provided by software developers;
- Install and turn on a firewall and an intrusion detection system;
- Update virus and spyware definition files;
- Use anti-virus software to scan computers regularly;
- Do not download software of suspicious origin or nature;
- Protect wireless networks.