How does it work?
Example 1 (Corporate level): “Change of supplier bank details”
Fraudsters knew from stolen emails about the transactions of Company A (the seller, the consignor) and Company B (the buyer, the paying company). Later, fraudsters, pretending to be Company A, sent fictitious emails (which are very similar to genuine emails) to Company B, claiming that the email address and payment receiving bank account number have changed, and requesting Company B to credit the amount payable to the designated account. Afterwards, when contacting Company A by phone, Company B found out that it had been deceived by fictitious emails and suffered losses both in money and business reputation.
Example 2 (Personal level): “Overseas relatives/ friends need immediate money remittance”
After hacking into a personal email account, fraudsters sent out deceptive emails to all persons on the contact list of the account. The email defrauded that the sender had encountered an accident overseas and requested the victims to transfer money to accounts designated by the fraudsters as a matter of emergency. Some victims made the remittance without further verification and only realised that they had been cheated when contacting their relatives or friends.
What is our advice?