Corporate fraud

This scam involves a fake email supposedly from senior members of staff in your organisation, asking for payments to be made to a beneficiary account controlled by a criminal. The request is urgent, confidential, and often takes place when your CEO or senior staff member is out of the office.

Read on to find out how this can evolve.

It was a typical day for Mr. Jones, an accountant for Mighty Trading’s subsidiary based in Singapore. He had a pile of account payables to process but was suddenly interrupted by an email titled “Very Urgent: need help for payment of medical equipment !!!”.

Jones recognises the sender as Kenny Smith. He is the newly appointed Group COO for Mighty Trading from the head office. The Group COO explained that the firm has just won an exclusive distribution rights for Personal Protective Equipment (PPE) with a manufacturing plant in Vietnam. This is a turning point for the company as it would expand its customer base and increase its sales by 80% from exclusive distributorship in Asia. In order to secure this partnership and ensure a timely shipment, Kenny explained that Mighty Trading must wire a down payment in the next 24 hours.

Jones replied to Kenny’s email, explaining that he required the necessary documents to process this request. Kenny demanded that Jones process the payment immediately, or he would be held personally accountable for any losses incurred by the firm. Besides, Kenny was now overseas and would follow up with a contract and invoice later.

Afraid that a delay would cause business repercussions, Jones swiftly wired the funds to the designated bank account. Jones calls Kenny Smith the next day to follow up for legal documents, only to discover that Kenny had never sent that mail. The firm has fallen prey to a BEC scam.

This scam is a refined attack method where the fraudster researches and identifies someone who might regularly request an invoice payment, bank transfer, or change in banking details. The fraudster registers a fake domain that looks similar to the target organisation and creates an email address under the domain with the exact same display name as the victim, luring them into making payments to accounts controlled by the fraudster.

Read on to find out how this can evolve.

Mr. Jones has been handling his company’s payments for the past 5 years, making funds transfers for internal office supplies and processing accounts payables and receivables. He is familiar with the accounts and stakeholders he deals with and has good connections on his Linkedin profile.

He receives an email from GenCorp Pte Ltd, a trusted supplier of his, requesting for their bank account details to be updated. GenCorp explained that they have decided to close their existing bank account and create a new account with another bank. They requested that this information be kept confidential as GenCorp was going through an internal reorganisation. They also provided the new bank account details and a new contact number. GenCorp requested that the new account be used by Mr Jones to make a pending payment. Mr Jones happily obliged with the request.

A week after, Mr Jones received a call from GenCorp’s finance department following up on an overdue payment. Upon further investigation, it was revealed that GenCorp’s business email had been hacked and Mr Jones realised his firm has fallen prey to a BEC scam and it was too late to recover the funds.

This scam takes place when the fraudster uses a spoofed email address to communicate with their victim in an organisation, impersonating the organisation’s supplier or business partner, by requesting for payment for goods which will never be delivered.

Read on to find out how this can evolve.

Mighty Trading and GenCorp Pte Ltd has a long-standing business partnership. Mr Jones is responsible for processing payments on behalf of Mighty Trading. GenCorp typically sends an invoice to Mighty Trading whenever goods were shipped. It was not uncommon to receive several invoices in a month from GenCorp, at times requesting for disbursements of funds to 3rd party accounts.

While processing one of GenCorp’s bills, Jones received an email from Betty Chung, the account manager for GenCorp, requesting payment for a shipment of goods to a new bank account. He noticed the prints on the cover letter and invoice were blurry, but it contained the usual company logo, layout and order quantities Jones was familiar with. He read through the underlying funds transfer request and wired the funds accordingly.

This BEC scam was only uncovered a month later when Mighty Trading discovered that they have not received the shipment of goods from GenCorp.

• Change in supplier’s company profile like email address, contact numbers or contact person
• Unusual request to transfer money to a new account due to dire circumstances or to a personal account or offshore account
• Urgent or Highly Confidential requests without any opportunity to consult another colleague, with multiple chasers from the fraudster to affect the change;
• Rationalisations as to why the requests cannot be checked further
• Impersonation: Fraudsters represent key influential people – founder, CEO, COO, CFO and may take advantage of reorganisation by impersonating newly appointed senior managers. They can also impersonate suppliers.
• Invoice Redirection: Anomalies in underlying documents for example, payment orders, contracts, and invoices which indicates signs of tampering, distorted images, spelling errors and mismatch in information

• Never respond to urgent monetary requests without first verifying that the requester is who they say they are.
• Always confirm any change in bank account details before making any payment or funds transfer. Validate the request directly with your business contact either by telephone using independently sourced contact details, or in person
• Require proper documentation or approval for large fund transfers and practice segregation of duties, between employees authorised to initiate instructions, approve payments and reconciliation of account balances. Design procedures for deviations from normal standards.
• Always be prudent with what you post on social media. Work related information including the mention of your supplier’s or client’s company can be used by fraudsters to build a convincing scam to trick you.
• Be extra vigilant if you are in a role involving finance, accounts or payments. Fraudsters tend to seek and target individuals finance-related responsibilities.
• Search for clues that the email is authentic e.g. check that the email address is spelt correctly (kenny.smith@mighty.com vs kennysmith@mighty.com), or hover your mouse over the email address to confirm the domain URL matches that actual company name.

In this type of scam a legitimate cheque is altered or a signature is replicated. This scam usually occurs when an employee attempts to steal company funds by forging, intercepting, or altering a cheque drawn on the organization’s bank accounts.

According to the ACFE Report in 2020, Cheque and Payment tampering is the top 5 most common insider fraud in the Americas and Canada, with the average loss amounting to USD$588,000.

Perpetrators may alter the value of stolen cheques by using bleaching agents to remove inked handwriting or submit cheque for signatory approval by filling the details with erasable ink and tampering the cheque thereafter.

This involves the use of equipment and technology by illegally reprinting, reproducing and duplicating a cheque.

Cheque overpayment scam is used against businesses where a buyer expresses interest in the purchase of goods, sends a cheque for more than the agreed amount, asking you to repay them the excess by funds transfer. The cheque is very likely to be fake and the victim may have shipped the goods along with the “excess” cash forwarded to the bad actor.

Devi is the Head of Finance for Mighty Trading Pte Ltd. The company usually makes remittances through online banking but due to local business practices, it is common to receive and issue cheques to business partners and contract staff.

Mr Jones, the company accountant, is responsible for the physical safe keeping of Mighty Trading’s cheque book and preparing cheques for Devi to authorize. As Devi travels very often, Jones is entrusted with the firm’s general ledger and bank accounts. Jones was also familiar with existing company controls for payments.

Over a three-year period, Jones prepared cheques with erasable ink supported by a mix of fake and original invoices. He would get Devi to sign off on the cheques, then erase the payee and write down a new payee name in permanent ink. After a few successful attempts, he opened a bank account for the sole purpose of concealing his criminal proceeds

His ruse came to light after the bank contacted Devi as one of the cheques had not been filled in properly.

• Beware of overseas buyers who hastily agree on a transaction without seeking more information about the goods they are buying.
• Act with caution for overpayment of goods – validate the cheque with your bank first.
• Should you replace your cheque book, inform your bank immediately.
• Always store cheque books in a secure location, do not leave it unattended.
• Never sign blank cheques. Always ensure the name of the payee, date and amount has been filled first before signing on the cheque.
• Do not use erasable ink when filling and signing a cheque.
• Tally the physical count of cheque leaves within your book with cheques already issued.
• Make it a point to review monthly account statements regularly.

Avoid compromising your payment data by requiring at least two persons in your organisation to sign-off/approve a payment or changes to payment information. If you receive a request from a supplier to update bank account details, or validate a payment, always call back to check it’s genuine.

Protect against misuse of sensitive information with two-factor or multi-factor authentication. This means systems access is enabled using two or more authentication information, in addition to a password.

Ensure your staff are fully aware of the risks. A simple awareness step is to encourage your staff to view the information on this page.