We have received a number of helpline calls about cyber criminals and money transfer frauds. This crime is on the rise with criminals still managing to dupe victims out of large amounts of money despite banking literature and television adverts attempting to prevent it.
Criminals are managing to hack into the email of users, usually speculatively, and look for email exchanges which indicate some form of money transfer is imminent. Criminals will usually then intercept users’ emails and email victims requesting funds are sent to an alternative bank account usually with some sense of urgency.
The criminals are ‘spoofing’ users’ emails and sending messages to victims who believe they are being sent by the genuine users. ‘Spoofing,’ unfortunately, is a lot easier to do than people would hope with victims including not only large corporations but even the NHS.
Banks can usually freeze funds if they are still in the account to which they were sent. However, these funds are usually sent on to alternative accounts by the criminals, often in foreign jurisdictions to prevent the money being frozen and ultimately recovered.
Fault in these circumstances is not easily identified. Victims are usually required to ensure that they have checked and verified any new banking details. Banks will not usually cover this type of fraud because the victim, who is also the account holder, will have authorised the transaction.
Scams such as these are not always easy to spot but here is a checklist (not exhaustive) which may safeguard people from the hackers:
- Address email may vary (even slightly) from the original users’ email;
- Is the greeting in the email the same as that in previous emails;
- Note most companies will never ask for personal information to be sent via email;
- Never click on a link or attachment in an email you were not expecting;
- Check for poor grammar and spelling in the email; and
- Fraudsters may attempt to pressure victims with time sensitive situations.
Ultimately the advice is always when sending funds, that it is best practise to telephone the recipient and verify any details you may have received by email. This can be inconvenient however, with this crime on the increase taking this precaution is strongly advised.