SG victims of spoofed work emails suffer losses of over S$70mil, 149 victims in 2022

These spoofed email addresses often include subtle misspellings, or replacement letters, which might not be obvious. — Coffee work photo created by Racool_studio -

SINGAPORE: Since the start of the year, at least 149 people have fallen prey to a scam involving spoofed work emails, with losses amounting to at least S$70.8mil (RM225.24mil).

In a statement on Saturday (May 21), the police said the scammers, using a hacked email account or email address, would impersonate the colleagues, business partners or suppliers of the victims.

Often times, these spoofed email addresses would include subtle misspellings, or replacement letters, which might not be obvious at first glance.

Victims would get emails informing them that there was a change in bank account number, with a request that they make payment to other bank accounts.

Having been duped into believing that the emails were genuine, the victims would transfer funds to the new accounts.

In some cases, victims were instructed to purchase gift cards and provide the activation keys for their supervisors.

Victims realised they had fallen prey to a scam only when they checked with their suppliers or supervisors, who clarified that no request was made nor any payment received.

The police say these preventive measures should be adopted:

– Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify by calling the email sender using previously known phone numbers, instead of those provided in the email.

– Educate employees on this scam, especially those responsible for making fund transfers such as those engaged in purchasing or payroll.

– Prevent your email account from being hacked by using strong passwords, changing them regularly and enabling two-factor authentication, where possible. Consider installing free email authentication tools such as Domain-based Message Authentication, Reporting and Conformance.

– Install antivirus, antispyware/malware and firewalls on your computer, and keep them updated. You may consider installing free Domain Name System protection services such as Quad9.

– Ensure that your operating system is up to date by updating when new patches are made available.

– Never provide the gift card activation key without receipt of payment.

Businesses that have been affected by this scam should contact their banks immediately to request for a recall of funds. – The Straits Times (Singapore)/Asia News Network

Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

EV maker Fisker rallies after production update, bullish analyst report
Volkswagen to temporarily cut production of two EV models due to weaker demand -spokesperson
US sues for breaking antitrust law and harming consumers
EU probe into Adobe, Figma deal paused, regulators await data
JPMorgan's UK bank Chase to ban crypto transactions
Resist Russian disinformation as elections loom, EU tells Big Tech
EU's Breton tells Apple CEO to open its ecosystem to rivals
Analysis-Cisco's $28 billion Splunk deal may ignite software deal frenzy
Pegatron India's iPhone factory shutdown to go into third day after fire - sources
ASML to set up base in Japan's Hokkaido to support Rapidus chip plant- Nikkei

Others Also Read