How to differentiate between real and fake email addresses in business impersonation scams

Police have received more than 200 reports regarding business email impersonation scams between January and July 2018.

This is an increase of 9.7 percent as compared to the same period last year.

In these cases, the victims were deceived into transferring money overseas for business payments.

The victims believed that they were paying their regular business partners, only to discover that the request for payments were not made by their business partners, and the accounts did not belong to them.

Such cases usually involve businesses with overseas dealings and use email as their main mode of communication.

The police believe that the scammers may have hacked into either the email accounts of the victims or their suppliers, to monitor the email correspondence between both parties.

The scammers would look out for email correspondence relating to ongoing negotiations or discussions on sales and purchase transactions.

They would then pretend to be the supplier by using the supplier’s email account or creating a spoofed email account (which closely resembles that of the supplier’s) to send email instructions to the victims, asking them to transfer payments to another bank account which were controlled by the scammers.

Spoofed email addresses often include slight misspellings or replacement of letters, which may not be obvious at first glance.

Examples of spoofed email addresses are as follows:

Scammers may also use the same business logos, links to the company’s website, or messaging format to make the scam seem more legitimate.

The victims are then led to believe that they had received a genuine email from their suppliers and transfer money to the new bank account, only to discover that they had fallen prey to a scam when their suppliers informed them that they did not receive the money.

If your business has been affected by this scam, call your bank immediately to recall the funds.