SINGAPORE: Since the start of the year, at least 149 people have fallen prey to a scam involving spoofed work emails, with losses amounting to at least S$70.8mil (RM225.24mil).

In a statement on Saturday (May 21), the police said the scammers, using a hacked email account or email address, would impersonate the colleagues, business partners or suppliers of the victims.

Often times, these spoofed email addresses would include subtle misspellings, or replacement letters, which might not be obvious at first glance.

Victims would get emails informing them that there was a change in bank account number, with a request that they make payment to other bank accounts.

Having been duped into believing that the emails were genuine, the victims would transfer funds to the new accounts.

In some cases, victims were instructed to purchase gift cards and provide the activation keys for their supervisors.

Victims realised they had fallen prey to a scam only when they checked with their suppliers or supervisors, who clarified that no request was made nor any payment received.

The police say these preventive measures should be adopted:

– Be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify by calling the email sender using previously known phone numbers, instead of those provided in the email.

– Educate employees on this scam, especially those responsible for making fund transfers such as those engaged in purchasing or payroll.

– Prevent your email account from being hacked by using strong passwords, changing them regularly and enabling two-factor authentication, where possible. Consider installing free email authentication tools such as Domain-based Message Authentication, Reporting and Conformance.

– Install antivirus, antispyware/malware and firewalls on your computer, and keep them updated. You may consider installing free Domain Name System protection services such as Quad9.

– Ensure that your operating system is up to date by updating when new patches are made available.

– Never provide the gift card activation key without receipt of payment.

Businesses that have been affected by this scam should contact their banks immediately to request for a recall of funds. – The Straits Times (Singapore)/Asia News Network