(CMR) The RCIPS Financial Crime Investigation Unit is investigating reports of persons attempting to unlawfully obtain funds by authorizing fraudulent transactions via email. This is done by impersonating, or gaining access to, an email account of a person with the authority to approve such transactions.
The culprits will then send emails to a financial institution or business that appears authentic, requesting that some funds be transferred.
In order to avoid falling victim to these schemes, it is advised to do any confirmation of transactions via telephone, in-person, or by some means other than email if there is any doubt as to the validity of these transactions. Unfortunately, although attempts to confirm the transaction are usually conducted, this confirmation is also often done via contact with the same email address that made the initial request.
The RCIPS Cyber Forensics team also advises individuals and businesses to ensure that the platforms used to access email are kept up to date, as older versions of operating systems and programs may have security vulnerabilities that can be exploited to gain access to email accounts. Using multi-factor authentication on email systems to reduce the chance of compromise is also strongly advised.
In many cases, however, the original email account may not have been compromised. Instead, a seemingly authentic email request is sent from an email address that very closely mimics the authentic email address. This fraudulent email address may have an extra letter, be missing a letter, or have some other subtle difference that would not be readily apparent at first glance. Thus, it is good practice to double-check the address used, if an emailed transaction request appears suspicious or unusual.
In a recent report, an attempted fraudulent transaction of a significant amount of funds was prevented simply because the request was followed up by a phone call to the person who was purported to have made the request. The person was able to confirm that they had not made the request, the transaction was canceled, and the matter was referred to the police. It is currently under investigation by the RCIPS FCIU.
As always, the public is advised to monitor their banking statements closely, and if you notice any suspicious or unauthorized transactions, immediately inform your bank and contact the RCIPS Financial Crime Investigation Unit at [email protected]. . Identifying and reporting suspicious or unauthorized transactions in a timely manner allows you to prevent further transactions from occurring, the funds from which may be difficult to recover.