
Business email scammers target Cayman

23/03/2016

(CNS Business): There has been an increase in wire transfer frauds by email against Cayman Islands businesses and government entities, the new Cybersecurity Incident Response Team, CIRT-KY, has warned. The internet security arm of the Information and Communications Technology Authority (ICTA), CIRT-KY said the scammers are masquerading as legitimate businesses in an attempt to make unauthorised wire transfers. “Actors use the compromised account or a spoofed account to send wire transfer instructions. The funds are then sent to other countries all over the world,” the cyber experts warned.

“Wire transfer fraud usually involves the compromise of or representation of an e-mail account belonging to a business’ CEO/CFO, in order to send an email to an employee with the ability to conduct wire transfers,” CIRT-KY said in its latest alert.

The scammers are also compromising the email accounts of vendors or suppliers to get into associated bank accounts, where a last-minute change is made to the account number for future payments.

The scammers compromise legitimate business email accounts, review communications and travel schedules, and auto-forward emails received by the victim to an email account under their control. Once they are comfortable, they begin to send wire transfer instructions using either the victim’s email or a spoofed email account that is controlled by the cyber fraudsters.

“The difference in the spoofed email account is very subtle and can easily be mistaken for the legitimate business e-mail address,” the agency warned.

Using different ways to ensure their email communications are successful, the scammers create rules using the compromised business email account to send all communications associated with the actor’s activity to the trash folder or to a hidden folder the victim is unaware of.
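The forwarding and hiding rules described above can be audited from the defender's side. The sketch below is an added example, not part of the CIRT-KY alert; the `InboxRule` record, the folder names and the `example.com`/`example.net` addresses are constructed assumptions rather than any mail system's real export format.

```python
from dataclasses import dataclass, field
from typing import Optional

INTERNAL_DOMAINS = {"example.com"}           # assumption: the organisation's own mail domains
TRASH_FOLDERS = {"trash", "deleted items"}   # assumption: names vary by mail system

@dataclass
class InboxRule:                             # hypothetical record, not a real export schema
    mailbox: str
    name: str
    forward_to: list = field(default_factory=list)
    move_to: Optional[str] = None
    delete: bool = False

def audit_rule(rule, confirmed_folders):
    """Return the reasons a rule matches the behaviour described in the alert."""
    findings = []
    external = [a for a in rule.forward_to
                if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    if external:
        findings.append("forwards outside the organisation: " + ", ".join(external))
    if rule.delete:
        findings.append("deletes matching mail")
    if rule.move_to is not None:
        folder = rule.move_to.strip().lower()
        if folder in TRASH_FOLDERS:
            findings.append("moves mail to trash")
        elif folder not in confirmed_folders.get(rule.mailbox, set()):
            findings.append("moves mail to a folder the owner has not confirmed")
    return findings

def audit_rules(rules, confirmed_folders):
    """Map (mailbox, rule name) to findings, for flagged rules only."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, confirmed_folders)
        if findings:
            report[(rule.mailbox, rule.name)] = findings
    return report

# Constructed sample data: folders each owner has confirmed, and their rules.
CONFIRMED = {"cfo@example.com": {"newsletters"}, "ap@example.com": {"invoices"}}
RULES = [
    InboxRule("cfo@example.com", "sync", forward_to=["cfo.backup@example.net"]),
    InboxRule("cfo@example.com", "tidy", move_to="Deleted Items"),
    InboxRule("cfo@example.com", "news", move_to="Newsletters"),
    InboxRule("ap@example.com", "filter", move_to="Archive 2"),
    InboxRule("ap@example.com", "team copy", forward_to=["finance@example.com"]),
]

if __name__ == "__main__":
    for key, findings in audit_rules(RULES, CONFIRMED).items():
        print(key, findings)
```
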

Targeting chief executives and financial controllers, the cyber criminals wait until they are on official travel before sending wire transfer instructions, when the individual is more likely to use email for official business and fraudulent transactions are therefore harder to verify.

“These requests will sometimes state that the wire transfer is related to urgent or confidential matters and must not be discussed with any other company personnel,” CIRT-KY added in the alert.

They said the key to reducing the risk is to understand the criminals’ techniques and deploy effective financial transaction and payment risk mitigation processes. This includes verifying a change in payment instructions to a vendor or supplier by calling to verbally confirm the request (the phone number should not come from the electronic communication, but should instead be taken from a known contact list for that vendor), CIRT-KY stressed.

Other best practices are: maintaining a file, preferably in non-electronic form, of vendor contact information for those who are authorised to approve changes in payment instructions, and limiting the number of employees within a business who have the authority to approve and/or conduct wire transfers.

Businesses should also use out of band authentication to verify wire transfer requests that are seemingly coming from executives. This may include calling the executive to obtain verbal verification, establishing a phone Personal Identification Number (PIN) to verify the executive’s identity, or sending the executive via text message a one-time code and a phone number to call in order to confirm the wire transfer request.

Dual-approval should be required for any wire transfer request involving:

  • A dollar amount over a specific threshold; and/or
  • Trading partners who have not been previously added to a “white list” of approved trading partners to receive wire payments; and/or
  • Any new trading partners; and/or
  • New bank and/or account numbers for current trading partners; and/or
  • Wire transfers to countries outside of the normal trading patterns.
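The dual-approval criteria listed above can be encoded as a pre-payment check. This is an added example, not part of the CIRT-KY alert; the threshold, partner names, account numbers and country set are constructed placeholders, and account numbers are normalised so that a change in spacing or case alone is not treated as a new account.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed policy data; every name, account and limit here is a placeholder.
THRESHOLD = Decimal("10000.00")
NORMAL_COUNTRIES = {"KY", "US", "GB"}
KNOWN_PARTNERS = {"Harbour Supplies Ltd", "Reef Logistics"}     # paid before
APPROVED_ACCOUNTS = {"Harbour Supplies Ltd": {"KY0012345678"}}  # the "white list"

@dataclass(frozen=True)
class WireRequest:
    partner: str
    account: str
    country: str
    amount: Decimal

def normalise(account):
    """Strip spaces and punctuation so formatting differences do not matter."""
    return "".join(ch for ch in account if ch.isalnum()).upper()

def dual_approval_reasons(req):
    """Return every listed criterion the request meets; empty means single approval."""
    reasons = []
    if req.amount > THRESHOLD:
        reasons.append("amount over threshold")
    if req.partner not in KNOWN_PARTNERS:
        reasons.append("new trading partner")
    approved = APPROVED_ACCOUNTS.get(req.partner)
    if approved is None:
        reasons.append("partner not on approved list")
    elif normalise(req.account) not in approved:
        reasons.append("new bank account for current partner")
    if req.country.upper() not in NORMAL_COUNTRIES:
        reasons.append("country outside normal trading pattern")
    return reasons

if __name__ == "__main__":
    changed = WireRequest("Harbour Supplies Ltd", "GB0099999999", "GB", Decimal("2500"))
    print(dual_approval_reasons(changed))
```
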

Victims of cyber-crime should contact the police and CIRT-KY at

“Timing is critical. If notified immediately, CIRT-KY and law enforcement can work with you to increase the chance of recovering the stolen funds and limiting further risk,” the experts said. “When reporting, be prepared to provide a general description of this crime, how it occurred, losses experienced, and wiring instructions. Money Laundering Reporting Officers, financial institutions’ compliance or anti-money laundering teams should submit a Suspicious Activity Report (SAR) to the Financial Reporting Unit as required by Law,” the agency noted.

CIRT-KY is the cyber-security arm of the Information and Communications Technology Authority (ICTA), which was created to enhance the security and resilience of the Cayman Islands’ critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy and protecting the perception and reputation of the jurisdiction.
