Inventive email scam rises in Asia, says EY
Criminals target firms fool staff by pretending to be a senior executive seeking the urgent transfer of funds, report says
The Asia-Pacific has seen a significant increase of scam emails in the past two years, with criminals pretending to be senior executives and requesting finance staff to wire funds for urgent business, EY Fraud Investigation & Dispute Services (FIDS) said in a report.
Criminals apparently spent months researching potential targets through online resources, company reports and social media channels. Then, in fraudulent emails, they would purport to be the company’s chief executive or chief finance officer, mirroring their tones, and make urgent requests for kfunds to be transferred to external accounts, citing the transactions as “confidential” or “critical”, the study found.
Unfortunately, many staff receiving the command would not question or disobey instructions from those whom they assumed were senior management, and would bypass existing payment controls and transfer the money as requested.
“These criminals do their research extremely well … they will also often mirror the tone of the targeted executive and may even accurately reference the fact that the person is overseas for business at the time,” said Chris Fordham, Asia-Pacific leader for the fraud services unit.
Such scams do not appear to focus on a specific industry, but at organisations with multiple offices, across multiple countries, are publically listed or have company information easily accessible, according to FIDS.
Mobile social network platforms, through which business is increasingly being conducted, have also been used to facilitate scams.
In Wuhan, Hubei province, an accountant for a car shop was the victim of a fraud carried out on WeChat – the popular mobile social network platform hosted by diversified investment company Tencent – according to a report by regional paper Fuzhou Evening News.
The fraud began when the accountant found herself added to a WeChat group by a person who claimed to be her boss, with six people pretending to be her colleagues.
Daily conversations between her “boss” and “colleagues” convinced her that the group was genuine. Eventually, the “boss” asked the accountant for help with an urgent transfer of funds. The company lost 850,000 yuan.
“Criminals become more sophisticated and inventive ... not only are we seeing an increasing amount of this type of fraud, it is also becoming remarkably indiscriminate [in terms of industries],” Fordham said.
Organisations should take measures to protect themselves, such as enhancing internal communication and creating a culture whereby not every part of a transaction is done through mobile platforms, the FIDS said.
They should also adopt effective accounting controls which require second approvals on all transactions, it said in the report.