High alert
THE Bank of Jamaica has disclosed that over $150 million was stolen from Jamaican bank accounts between January 2020 and December 2021 in online fraud.
In an update, the Jamaica Bankers Association (JBA) said it has identified two principal causes of the problem. The main cause comes from external events and includes money muling.
Expert bank fraud source St Pauls Chambers defines money muling as money transfer scams which occur when a scammer tricks victims into transferring money from their bank account. The money transfer scam artist poses as a bank or other legal person.
In response to these and other types of fraud, it is noted that banks are following a new set of standards to protect their customers against any potential money transfer scams. The new standards include pinpointing vulnerable customers to decrease levels of bank transfer fraud victims; and delaying or freezing payments that might be classed as a money transfer scam.
Banks have also introduced confirmation of payee (COP) checks to tackle bank transfer fraud with additional checks on transfers to ensure that transferred money reaches the right account.
This measure is an effective way of checking that the payee name entered into the transaction, alongside the sort code and account number, matches the name registered to the account.
The JBA indicates, “The COP system works as many bank transfer fraud victims will know the name of the person or organisation they wish to send payment to, so when a fraudster supplies false payee details, this attempted transaction will be flagged as a warning to the bank. These checks can protect against fraudster intervention, tampered invoices, coercion or impersonation.”
Executive director of the JBA Richard Murray told the Jamaica Observer, “The vast majority of online fraud is external to the bank/centred around the customer, usually related to social engineering events, such as phishing, where the customer inadvertently volunteers the data.
“The minority are internal to the bank and usually result in prosecution as audit trails identify those culpable, and local banking culture is to prosecute [as evidenced by recent high profile matters].”
He outlined that principal strategies to reduce the rising losses due to online fraud include “customer education campaigns carried out by JBA and its individual members, which remains the most effective tool and as such you will continue to see advisories from all our members to their customers if and as potential exposures are identified.”
Money muling
According to UK Finance, more than £208 million was stolen from bank transfer fraud victims through money muling of bank transfer fraud in Britain during the first half of 2019.
The JBA says the local experience of money muling involves receiving money from a third party into one’s bank account and transferring it into another or taking it out in cash and giving it to someone else.
Increasingly, the JBA outlines, young people are becoming targeted on social media and being pulled into bank transfer fraud and, by extension, money laundering by participating in money muling.
Fraudsters generally target under 25s with no criminal record and offer a “get rich quick” arrangement whereby the victim agrees to have funds placed in their bank account and follow instructions to transfer it onwards or extract it in exchange for a payment.
Even if the mule is unaware of what is going on, they are still committing a crime by allowing their account to be used for fraudulent activity. Not only could this result in imprisonment for up to 14 years, but it also makes it difficult to apply for a mortgage or to open a bank account in the future, which could impact their ability to be be paid by an employer.
The JBA indicates that customer education campaigns and various monitoring tools employed across the banking networks have allowed for awareness and quicker identification of fraud events, which makes banking generally safer.
Phishing
The JBA says phishing is a type of money transfer scam where fraudsters ask victims for personal details via e-mail, such as passwords and bank account details.
In this form of bank transfer fraud, phishers pose as legitimate companies or imitate trusted contacts, such as the victim’s bank, to trick the victim into handing over sensitive information. This sensitive information can then be used to hack the victim’s bank account and make unauthorised transfers into the fraudster’s account.
Lottery and sweeps
In lottery and sweep scams, victims are notified that they have won a lottery or sweepstake and are asked to pay a fee in advance to receive the prize.
Charity money scam
Under the charity money scam, fraudsters pose as a fake charity and contact unwitting victims, persuading them to transfer money into the non-existent charity’s bank account as a ‘donation’.
The stranded traveller is another trick whereby fraudsters hack an e-mail account and send e-mails to everyone in the e-mail address. These e-mails typically follow a generic storyline, such as being stranded abroad and in need of a loan to help them get back after being robbed.
Yet another scam occurs with online dating. Fraudsters pose as a love interest on an online dating site and earn the trust of the bank transfer fraud victims. Once an emotional connection has been established, the fraudster asks the victim to wire them money to help them.
The JBA also highlights fraud committed through social media.
Scammers offer mainly young people a ‘get rich quick’ arrangement whereby the victim agrees to have funds placed in their back account and follows instructions to transfer it onwards in exchange for a payment. However, this is a technique fraudsters use to make illegally acquired funds more difficult to trace.
Fears
It is noted that fraudsters play on victims’ fears or create a false sense of urgency. It is noted that communication fraud, involving texts, e-mails, or social media messages, may include grammatical errors or bad links that don’t actually go where they’re supposed to.
Even when e-mails or contacts seem to be coming from a trusted official source, individuals should know organisations will never contact an individual requesting full password or PIN information.
The JBA warns that a link in an unexpected e-mail or text could potentially be a phishing link which will trick the victim into providing personal information. Also, viruses from such links can infect a computer with malware that can capture all information entered into the device, such as passwords and credit card numbers.