The Financial Intelligence Unit (FIU) is urging banks and companies to be more vigilant following a concerning observance of an increase in the incidence of and attempts to commit the fraudulent transfer of funds using wire payments at commercial banks.
The Unit said that the perpetrators have been using what seems to be advanced internet and computing technology to intercept emails of senior officials who are responsible for approving payments by their respective companies.
The FIU said that these acts have targeted a number of larger business enterprises in Guyana, with some losing a total of $163.4M for last year alone.
Based on its investigations, the regulator found that the email account interception/ hack allows the scammers/fraudsters, once undetected in a timely manner, to monitor and/or manipulate the emails of the senior company official. This allows hackers to observe the nature and details of communications with customers, suppliers and financial institutions. The FIU said that this includes the key contacts, transfer trends, and other details relating to the facilitation of payments by the company to the supplier via a financial institution.
With this information, the perpetrators then proceed to dispatch fraudulent e-mails representing themselves to be: (i) the suppliers’ contact persons requesting payment for goods while at the same time issuing amended banking details for such remittances; and (ii) the senior officials of the local businesses (customers) instructing financial institutions to wire transfer such payments in accordance with those amended banking details.
The FIU said that spoofing and phishing are usually the manner by which the fraudsters gain entry into the networks of these entities. By cloning company letterheads, signature blocks and logo, the Unit explained that the hackers are able to “spoof” or trick the recipients into thinking it originated from a legitimate source. This allows them to gain the trust of the receiver (usually the paying company and/ or the financial institution) to follow the revised instructions or a link which will enable the divulgence of key user information. Phishing, on the other hand, involves impersonating individuals, by creating email addresses almost identical to the legitimate ones, for example: by interchanging or modifying two letters or adding an extra letter in an email address.
The FIU said that the perpetrators press for the fraudulent transaction to be completed in the shortest possible time, to avoid detection before the payment is remitted by the financial institution.
Considering the substantial loss some businesses are suffering, the FIU is calling on all companies to put the necessary safeguards in place and to be more vigilant.
In this regard, the FIU recommended that financial Institutions put in place multi-level verification methods to confirm the identity of person(s)/organisation’s representatives who provide instructions to effect wire transfer payments via email or any other non-personal method.
It said, too, that banks should establish clear profiles for customers’ wire transfer activities (amounts/ authority limits, beneficiaries, regularity, Beneficiary Bank details, etc.), so as to hopefully identify unusual or fraudulent requests.