The Commercial Affairs Department of the Singapore Police Force is investigating a local corporate entity for its suspected involvement in money laundering offences linked to a business email compromise scam.
On 3 October 2020, the Police were alerted by United Overseas Bank (“UOB”) and Federal Bureau of Investigation (“FBI”) to a suspected case of money laundering. A foreign bank had contacted UOB, requesting for an urgent recall of USD5million that had been transferred into a Singapore-based UOB account belonging to a local corporate entity. Preliminary investigations revealed that the transfer of funds was linked to an alleged business email compromise scam.
Upon the receipt of the information, the Anti-Scam Centre (“ASC”) swiftly froze the Singapore-based UOB account and recovered a portion of the money. The ASC continued to work with UOB to trace the remaining monies and successfully recalled a further amount of money which had been transferred from the Singapore-based UOB account to a Malaysia-based UOB account. The swift action of the ASC and partnership with UOB had led to the recovery of more than USD4.91 million (about SGD6.69 million) out of the USD5million that was fraudulently transferred. This is the largest single recovery made by ASC since its official inception on 18 June 2019. Efforts are underway to trace and recover the remaining monies.
The Police’s collaboration with the bank attests to the importance of a strong partnership with community stakeholders to effectively combat scams and transnational fraud. The Police would like to commend UOB for their invaluable assistance in the recovery of the monies.
The Police would like to advise members of the public as well as business entities to be vigilant and wary about business email compromise scams. Such scams involve deceiving businesses through spoofing of company or client email addresses and making them transfer large amounts of monies into the wrong hands.
Companies should adopt the following crime prevention measures:
a) Educate your staff to be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling the e-mail sender. Always use phone numbers in your record, instead of unknown numbers provided in the fraudulent email.
b) Create awareness in your employees on this scam, especially those that are responsible for approving payments and making fund transfers such as making purchases or managing HR payroll. If these employees are working from home during the Circuit Breaker period, consider putting in place additional layers of checks before payments and fund transfers are made.
c) Prevent your company’s generic email account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA) where possible.
d) Consider installing email authentication tools such as Domain-based Message Authentication, Reporting and Conformance, DMARC (dmarc.globalcyberalliance.org), which can help detect fraudulent emails.
e) Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated. You may consider installing free Domain Name System (DNS) protection services such as Quad9 (quad9.net) to protect against such attacks. Lastly, update your Operating System (OS) when new updates are made available.
You can also visit Cyber Security Agency’s GoSafeOnline website for more tips on securing your business at https://www.csa.gov.sg/gosafeonline.
If you or your business has been affected by this scam, call your bank immediately to recall the funds. If you wish to provide any information related to such scams, you may call the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg. Together, we can help stop scams and prevent our loved ones from becoming the next scam victim.
SINGAPORE POLICE FORCE
08 October 2020 @ 1:30 PM