Scammed or hacked? Overview of common fraud techniques and the corporate response
Nobody is immune to scams and cyber-attacks. With the increase in scammers’ levels of sophistication, their targets have also increased in scale. Scammers even routinely target multinational corporates and banks which have far more robust defences and highly trained personnel than the average SME.
Victims of scams and cyber-attacks face numerous consequences, including the difficulty of trying to unravel fraudulent transactions, exfiltration of sensitive financial or personal data, and disruption of key IT services. Some recent examples include the following:
- In March 2021, a local furniture retailer was hacked, causing the phone numbers and physical addresses of its customers to be leaked online. The hacker group claimed that it had hacked into the company’s database and stolen information related to more than 30,000 customers and nearly 600,000 transaction records.
- In May 2021, it was reported that an employee of a local bank allegedly fell prey to an impersonation scam that caused the leak of the names, identification and mobile numbers and account balances of over 1,100 customers of the bank. The employee had allegedly fallen victim to a Chinese police impersonation scam and was duped into disclosing the information of customers from China with Singapore-based accounts.
Apart from the direct consequences of cyber-attacks/scams, senior management and directors of affected companies will swiftly face a whole range of questions: How do we determine who is responsible and what went wrong? How should the matter be reported to the authorities, and how should it be communicated to clients and/or shareholders? Is it possible to retrieve the funds in the hands of the fraudsters? What should be done first?
This article sets out a brief overview of common scam techniques and provides guidance on the consequences/potential liabilities that may arise and, more importantly, on what should be done in the event of a scam being perpetrated on corporates.
Common Scam Techniques
i. Business Email Compromise (BEC) scams
In BEC scams, fraudsters approach employees of companies, passing themselves off as a known vendor or client of the company. Such fraudsters commonly hack or take over the email accounts of the vendor, or impersonate the vendor by creating a similar-looking email. Fraudsters may also attempt to pass themselves off as CEOs or senior executives in order to request sensitive data, often with a view to using such data in subsequent attacks, such as to bypass security verification/authentication tools.
ii. Fake invoice scams
Another common scam is the fake invoice, wherein fraudsters posing as known vendors generate fake or modified invoices using legitimate billing information or an upcoming invoice, but with modified payment details that route the payment to the fraudster’s bank account instead.
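As an added illustration (not part of the original article), the Python sketch below shows a pre-payment check an accounts-payable team could run against both the BEC and fake invoice patterns described above. The vendor record, domains, account numbers and similarity threshold are constructed assumptions, and it assumes the impersonation shows up as a lookalike sender domain.

```python
from difflib import SequenceMatcher

# Hypothetical vendor master record, maintained outside email (constructed data).
VENDORS = {
    "Acme Supplies": {"domain": "acme-supplies.example", "account": "SG-001-234567"},
}

def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def classify_sender(address, known_domain, threshold=0.85):
    """Return 'match', 'lookalike' or 'unknown' for the sender's domain."""
    domain = domain_of(address)
    if domain == known_domain:
        return "match"
    ratio = SequenceMatcher(None, domain, known_domain).ratio()
    return "lookalike" if ratio >= threshold else "unknown"

def normalise(account):
    """Strip separators so formatting differences do not raise a flag."""
    return "".join(ch for ch in account if ch.isalnum()).upper()

def review_invoice(invoice, vendors=VENDORS):
    """Return reasons to hold payment; an empty list means no flags raised."""
    record = vendors.get(invoice["vendor"])
    if record is None:
        return ["vendor not in master record"]
    flags = []
    verdict = classify_sender(invoice["from"], record["domain"])
    if verdict != "match":
        flags.append(f"sender domain {domain_of(invoice['from'])} is {verdict}")
    # Checked even when the domain matches: a taken-over vendor mailbox
    # sends from the genuine domain.
    if normalise(invoice["account"]) != normalise(record["account"]):
        flags.append("payment account differs from master record")
    return flags

if __name__ == "__main__":
    sample = {"vendor": "Acme Supplies", "from": "billing@acme-supplles.example",
              "account": "SG-009-876543"}  # constructed invoice
    for reason in review_invoice(sample):
        print("HOLD:", reason)
```

A held invoice should be confirmed with the vendor through a contact detail already on file, not one taken from the email or invoice under review.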
iii. Ransomware
Getting users to click links in a phishing email, pop-up windows from suspicious websites, and emails requesting one to download an attachment are common ways of tricking employees into installing malicious software on their workplace computers. This may grant fraudsters the ability to steal the company’s data and to remotely lock its files and prevent access unless a ransom is paid.
Potential repercussions of scams/cyber-attacks
The consequences for victims of scams/cyber-attacks are myriad and multifaceted. Anyone and everyone in the company’s chain of command, as well as clients and potential clients, may be affected. Corporate entities that fail to secure the personal or financial data of their customers face not only reputational risks, but may also be found to be directly liable to the affected customers, not to mention potential breaches of regulations relating to, amongst others, cybersecurity and data privacy. Questions on breach of confidentiality obligations or fiduciary duties may also arise.
i. Direct consequences
Fraudulent transmittals…