BY Ruwan Laknath Jayakody
The Sri Lanka Computer Emergency Readiness Team (SLCERT) has, over the past three months, received over 10 cases of local business folk being defrauded of a combined sum of approximately USD 100,000 following their electronic mail (email) accounts being compromised by hackers.
Senior Information Security Engineer at SLCERT, Roshan Chandraguptha said that those affected were exporters and importers, both groups who have dealings with foreign parties and who most frequently communicate via e-mail, and less frequently through calls.
For example, when an importer places an order for a consignment, a certain payment would have to be made and generally the importer then instructs his/her bank to make the said payment to the bank account of the overseas party he/she has been dealing with. However, in the case of these complaints received by the SLCERT, the local-based importer had received an email (which looks like having come from the original source, yet in reality is compromised) which either stated that due to an ongoing audit process at the regular bank, the amount be therefore deposited to a different bank account or that because all of the foreign party’s customers are being shifted to a different bank, for the monies to be deposited to a different bank account, he added.
This is why one must verify the information in the email about the change in the deposit bank account by calling a known number which had previously been used by the importer, he explained.
In one particular instance, a local businessman had called the number in the email containing information about the change in the deposit bank account and spoken to a hacker or a person attempting to cheat him, and thereby been cheated, he noted.
Exporters too had been cheated because the foreign party had been reached in prior via email with the request to deposit money to a different account and had in turn made the payment. In the case of the latter, one must through fax or another medium, other than email, inform the party overseas that there had been no change in the deposit account, he further explained.
“When one gives instructions to one’s bank to make a deposit, the bank in turn executes the transaction. If it is not the correct bank account, one ends up losing money. Last year, there were many such cases. This year until now, there had been a drop, yet during September, October and November, we received over 10 complaints from those who had been similarly cheated. Some have lost USD 50,000 while others have lost USD 1,000. The combined sum total of the defrauded amounts, adds up to USD 100,000,” Chandraguptha said.