Five new victims in email hacking scam
International fraudsters are continuing to plunder hundreds of thousands of dollars from Cayman bank accounts in a sophisticated email hacking scam.
Five new cases have been reported in the last month involving Cayman Islands residents who had email accounts hacked and bank details stolen by criminals who fraudulently transferred funds to foreign bank accounts.
The largest recent case involved the theft of more than $150,000 from one account. People using Gmail or candw.ky addresses are most vulnerable, according to police, who are warning residents to limit their use of email for financial transactions.
Cayman police warn the chance of actually catching the crooks behind the scam, believed to be Far East crime syndicates that operate in multiple countries, are slim.
They say prevention is the best form of defense for people in Cayman and urge anyone making email transfers to take extra precautions to ensure wire instructions are legitimate.
In the bulk of the cases in Cayman, the victim had previously sent legitimate wire instructions to their bank via email, along with a copy of their signature, requesting a money transfer to a foreign bank.
The emails have been uncovered by hackers, who used the data to make a second wire transfer, moving the cash around a network of accounts, often before the crime is detected.
“If you normally conduct your banking by email and send wire instructions to your bank by way of email, please be extra vigilant,” the Royal Cayman Islands Police Service said in a statement.
“Bank customers should follow up with their banks to confirm that they have received the correct wire instructions. Likewise, businesses and vendors should confirm by telephone that wire instructions are legitimate.”
Anhill Carsana, a computer forensic examiner with the Financial Crime Unit, said around a dozen cases had been reported this year of fraudulent wire transfers being attempted following email breaches, including five in the last month.
He said some of the fraud had been detected through follow-up calls from banks or businesses involved in the transactions, but others had gone through.
Banks typically compensate customers in such cases though it is not clear whether they are compelled to do so under Cayman law.
“This appears to be a global trend. The chances of catching anyone are fairly slim, which is why we want to warn the public that this is happening and ask them to be vigilant if they are doing financial transactions by email.”