SG victims of spoofed work emails suffer losses of over S$70mil, 149 victims in 2022

These spoofed email addresses often include subtle misspellings, or replacement letters, which might not be obvious. — Coffee work photo created by Racool_studio -

SINGAPORE: Since the start of the year, at least 149 people have fallen prey to a scam involving spoofed work emails, with losses amounting to at least S$70.8mil (RM225.24mil).

In a statement on Saturday (May 21), the police said the scammers, using a hacked email account or email address, would impersonate the colleagues, business partners or suppliers of the victims.

Often times, these spoofed email addresses would include subtle misspellings, or replacement letters, which might not be obvious at first glance.

Victims would get emails informing them that there was a change in bank account number, with a request that they make payment to other bank accounts.

Having been duped into believing that the emails were genuine, the victims would transfer funds to the new accounts.

In some cases, victims were instructed to purchase gift cards and provide the activation keys for their supervisors.

Victims realised they had fallen prey to a scam only when they checked with their suppliers or supervisors, who clarified that no request was made nor any payment received.

The police say these preventive measures should be adopted:

– Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify by calling the email sender using previously known phone numbers, instead of those provided in the email.

– Educate employees on this scam, especially those responsible for making fund transfers such as those engaged in purchasing or payroll.

– Prevent your email account from being hacked by using strong passwords, changing them regularly and enabling two-factor authentication, where possible. Consider installing free email authentication tools such as Domain-based Message Authentication, Reporting and Conformance.

– Install antivirus, antispyware/malware and firewalls on your computer, and keep them updated. You may consider installing free Domain Name System protection services such as Quad9.

– Ensure that your operating system is up to date by updating when new patches are made available.

– Never provide the gift card activation key without receipt of payment.

Businesses that have been affected by this scam should contact their banks immediately to request for a recall of funds. – The Straits Times (Singapore)/Asia News Network

Article type: free
User access status:
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

Grubhub gets Amazon investment; Prime members to get fee-free food
Facebook asks U.S. court for old FTC merger documents in antitrust fight
UK watchdog investigates Microsoft's $68.7 billion Activision deal
Mexican used-car startup Kavak expands outside Latin America
EU antitrust watchdog raids online food, groceries delivery companies
Volkswagen�CEO eyes ‘big moves’ in China to gain thousands of coders
Taiwan economy minister: Order books for chip firms still very full
Suspect in US July 4 shooting an alienated youth with dark online persona
Dutch university recovers US$550,000 (RM2.43mil) in ransom from 2019 hack
Airbnb London prices soar as UK eyes curbs in tourist haunts

Others Also Read