Email scams are a rising menace and every year millions of people around the world get conned by what they assume to be promotional emails sent by friends or colleagues offering lucrative discounts.
In a press release, the Singapore Police on Monday, January 20, warned the public about a variant of the Business E-mail Compromise (BEC) scam. The police revealed that since January last year, at least $987,000 have been lost by victims who fell prey to mail scams involving the purchase of iTunes or Google Play cards.
90 cases since January 2019
According to the police, the victims of the scam had responded to emails that were supposedly sent to them by their colleagues or employers, instructing them to buy iTunes cards or Google Play cards for work-related purposes such as gifts for clients and staff. The scammers would then trick the victims into sending over the redemption codes of the gift cards.
The police has said that they have received at least 90 reports of such cases since January last.
Beware before you send money to your boss or colleague
Business E-mail Compromise scams have been a major concern as the scammers pose as high-profile executives such as company CEOs and high-ranking managers. The gullible public is tricked into believing that they have received an email from one of their bosses or colleagues and end up losing money as a result.
The scammers may also closely mimic the emails by using the same business logos, links to the company's website, or messaging format, according to the police warning.
Police have warned that in the past cases of BEC, scammers have impersonated as CEOs, business partners, suppliers and employees of companies to request victims to transfer funds to specified accounts, claiming that the money was for business partners or salaries of other employees.
Spoofed email addresses
In the press release, police also note that the scammers use hacked or spoofed email accounts, or familiar looking email IDs to trick the victims.
For example, the genuine email address firstname.lastname@example.org is spoofed to email@example.com. In such cases, it is very hard to make out the difference between the actual email address and the spoofed.
In some cases, the scammers would also enclose copies of bankbooks bearing the names of employees to make the requests seem authentic, leading the gullible victims to transfer the money to the new bank account without giving it a second thought. The victims would find out that they have been conned only when the actual employer informs them that they did not receive any money nor did they send any request.
How to prevent falling prey to such scams
The police added that companies should educate their employees about such scams, especially those regarding fund transfers.
Another preventive measure is using strong passwords and changing them regularly, and enabling Two-Factor Authentication (2FA).
Those who are concerned can also consider using email authentication tools that help detect fraudulent emails, and some of them are available for free.
We highly recommend installing a good anti-virus and anti-spyware/malware programs and updating your computer operating system regularly to make sure you have all the latest security patches and updated firewall.
Meanwhile, the police have issued a public notice asking them to get in touch with the police to provide information on such scams. You may contact the Singapore police on 1800-255-0000 or email at www.police.gov.sg/witness