Recently, there has been an increasing trend of Business Email Compromise (BEC). A BEC is an email-based fraud technique that is designed to gain access to critical business information or extract money through fraudulent requests for payment or wire transfer.

Spoofed email addresses used by the scammers often include slight misspellings or replacement of letters, which may not be obvious at first glance.
Genuine email address
e.g. 1: abc@deshipping.com
e.g. 2: sallykoh@yyconstruction.com
Spoofed email addresse.g.
1: abc@deshpping.com e.g.
2: sallyk0h@yyconstruction.com

Customers are advised to adopt the following preventive measures:

1.Promote a Culture of (Cyber) Vigilance among Employees
Regularly share cyber hygiene news on current scam/phishing cases.

2.Implement Additional Verification Process for Finance-related Requests
Implement a secondary confirmation process to verify the authenticity of finance-related requests.

3.Block Malicious or Spoofed Emails
Implement filters at the email gateway to filter out emails with known malware spamming indicators.

4. Implement Strong Password Policies
Using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA) where possible.

5.Inspect suspicious / urgent emails closely
Seek confirmation using a different medium (i.e. phone call) before proceeding with an important instruction that was sent via the email.

Scammers are adept at changing their tactics to reflect current situation. Stay vigilant and take precautionary measures to guard against BEC attacks.

Disclaimer: The information in this material is intended for general information only. You are responsible for and should take all necessary preventive measures to protect the security and safety of your valuable business information and assets. ICBC Singapore assumes no responsibility to you in any manner whatsoever. While information contained in this publication has been obtained from sources* believed to be reliable, ICBC Singapore makes no representation or warranty as to its adequacy, completeness, accuracy or timeliness for any particular purpose.  The information herein is subject to change and may be modified, deleted or replaced at any time at the sole and absolute discretion of ICBC Singapore.

*Source: Singapore Police Force, Police Advisory on Variant Of Business Email Compromise Scam, https://www.police.gov.sg/media-room/news/20200120_others_police_advisory_on_variant_of_business_email_compromise_scam Cyber Security Agency of Singapore (CSA), Protecting Your Enterprise from Business Email Compromise Attacks, https://www.csa.gov.sg/singcert/advisories/ad-2020-008