
Financial Cybercrimes

Guidelines for fighting Financial Cybercrimes

Introduction

Financial cybercrimes are acts, attempted acts or actions, whether local or cross-border, committed with criminal intent by individuals or organized groups in an attempt to violate banking accounts or financial and personal information using various electronic and technological methods. These crimes encompass, for example, acts of fraud, theft, embezzlement, blackmail, sabotage and spying using electronic means.

Each crime has specific characteristics and elements. The persons concerned should pay attention to its indications, exercise due diligence to identify and prevent it, and take the necessary measures to fight it.

Below is a non-exhaustive summary of examples of criminal acts committed using email, to which banks, financial institutions and financial mediation institutions (the “financial sector”) (first type), or individuals and other non-financial institutions and authorities (second type), are subject.

 

Examples of criminal acts committed against individuals and other non-financial institutions and authorities

For the purpose of this exposition, the expression: “Company E-mail Compromise” shall mean hacking into the email of an individual, or a non-financial institution or authority. This type includes the following events (typology):

  • Company Email Compromise – CEC1:

    An unknown person (hacker) gains unauthorized access to the email of the “supplier” (the supplying company, trader or any of the service providers that the client of the “financial sector” deals with), or creates a similar email, and uses either of them to correspond with the client to request a transfer to an account abroad or inside Lebanon, supposedly in exchange for merchandise or a service provided by the “supplier” or by a company connected to it or employed by it. For his part, the client corresponds with the bank, financial institution or financial mediation institution that he deals with to request a transfer from his account to the account specified in the alleged “supplier’s” email, or heads in person to the bank, financial institution or financial mediation institution to fill in a transfer form, and it later appears that the client was a victim of cybercrime.

  • Company Email Compromise – CEC2:

    An unknown person (hacker) gains unauthorized access to the email of the client, or creates a similar email, and uses either of them to correspond with one of the “suppliers” that the client deals with to make a transfer from his account to an account abroad or inside Lebanon supposedly pertaining to the client or his company. For his part, the “supplier” either corresponds with the bank, financial institution or financial mediation institution that the supplier deals with to request a transfer from one of his accounts to the specific account mentioned in the alleged client’s correspondence, or one of his delegates heads in person to the bank, financial institution or financial mediation institution to fill in a transfer form, and it later appears that the “supplier” was a victim of cybercrime.

  • Company Email Compromise – CEC3:

    An unknown person (hacker) gains unauthorized access to the email of an executive manager at a company, or creates a similar email (especially when this manager is absent due to travel), and uses either of them to correspond with branch managers or financial officials to request suspicious financial or banking transactions. For his part, the manager concerned executes the banking or financial transaction and later appears to have been a victim of cybercrime.

  • Email Compromise by Social Engineering:

    For example, an unknown person (hacker) gains unauthorized access to the email of a physical person, or creates a similar email, and uses either of them to correspond with the acquaintances, friends or relatives of the physical person or other persons while specifying an account for whoever wishes to support the person’s need due to financial difficulty. The persons concerned make the transfers from their accounts to the specified account, and it later appears that they have been victims of cybercrime.

 

Instructions for individuals and other institutions and non-financial authorities

 

1. Indications of Cybercrimes

Cybercrimes may take on different forms. The following indications, given by way of example without limitation, may assist in discovering such crimes and should be taken into account:

  1. The email address attributed to the “supplier” differs in one letter, number, code or sign; for example, the letter “g” is replaced with “q”.
  2. Email attributed to the “supplier” in which the sender claims that the “supplier’s” account number changed for many unconvincing reasons and pretexts, including audit procedures conducted by control or taxation authorities on the “supplier’s” accounts, or the deterioration of the relation with the previous bank due to high commissions.
  3. Email that includes instructions to send transfers to an account opened abroad under a name similar or identical to the “supplier’s” name, but with a new account number different from the “supplier’s” account number adopted according to the documents filed by the individual or the company concerned.
  4. Email attributed to the “supplier” in which the sender requests not to contact the “supplier” via phone to validate any amendment or change in the name of the beneficiary bank, beneficiary financial institution or beneficiary financial mediation institution, or the name or account number of the beneficiary.
  5. Email attributed to a bank, financial institution or financial mediation institution, in which the sender claims that the bank, financial institution or financial mediation institution is updating the file of one of their clients, and requests specific information in this concern.
  6. Email attributed to the “supplier” which involves unusual or flagrant grammatical errors.
  7. Email attributed to the “supplier” involving syntax and language different from previous correspondence.
  8. The letters and numbers in the invoice attached in the suspicious email are not consistent in terms of size, format and color.
  9. The transfer request attached to the suspicious email has a signature similar to the “supplier’s” signature.
  10. Email attributed to the “supplier” addressed to the recipient company in general and not to the officer who usually receives instructions from the “supplier” to execute them.
  11. Email different from the “supplier’s” email.
  12. Email attributed to the “supplier” which includes instructions not similar to the previous instructions.
  13. Email attributed to the “supplier” addressed to the individual/company in addition to a third party who is not related to the requested transfer.
  14. The “supplier’s” address is located in a country different from the one in which the beneficiary bank, beneficiary financial institution or beneficiary financial mediation institution operates.
  15. Email attributed to the “supplier” or another person in which the sender requests information of banking and financial account and/or any other sensitive information.
  16. Email that includes a link to a website that requests financial or personal information.
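
Indications 1 and 11 can be checked mechanically before a payment request is acted on. The following is an added example, not part of the original guidelines: it compares the sender of a message against supplier addresses already on file and flags an address that is one character away (“g” replaced with “q”) or otherwise different. The supplier addresses and sample messages are constructed, and the Reply-To check goes beyond the listed indications.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed supplier addresses, as they would be recorded from filed
# documents (assumption), never learned from incoming mail.
ON_FILE = {"billing@gulf-trading.example", "ar@cedar-logistics.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_address(addr, on_file=ON_FILE):
    """Return (verdict, closest address on file, distance)."""
    addr = addr.strip().lower()
    if addr in on_file:
        return ("match", addr, 0)
    closest = min(sorted(on_file), key=lambda k: edit_distance(addr, k))
    dist = edit_distance(addr, closest)
    # Indication 1: one letter, number or sign differs. Indication 11: any other address.
    return ("lookalike" if dist == 1 else "different", closest, dist)

def review_message(raw):
    """List (header, address, verdict, closest) for each address not on file."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        if msg.get(header) is None:
            continue
        addr = parseaddr(msg[header])[1]  # drops the display name
        verdict, closest, _ = check_address(addr)
        if verdict != "match":
            findings.append((header, addr.lower(), verdict, closest))
    return findings

# Constructed sample messages.
LOOKALIKE = ("From: Gulf Trading Billing <billing@qulf-trading.example>\n"
             "Subject: New account number\n\nPlease use the new account.\n")
REPLY_TO = ("From: billing@gulf-trading.example\n"
            "Reply-To: gulf.trading.billing@freemail.example\n"
            "Subject: Invoice\n\nInvoice attached.\n")
```

A “match” verdict only says the address is the one on file; a compromised supplier mailbox (CEC1) still passes, which is why confirmation by phone on the recorded numbers remains necessary.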

 

2. Cybercrimes Prevention Policies and Procedures

The following prevention measures should be adopted:

  1. The client specifying more than one method of communication with all his “suppliers” to confirm the instructions sent by them before executing them (tel, fax, email, name of contact persons).
  2. Contacting the “supplier” by phone on the numbers specified by him and registered in the records of the individual/company and not on the numbers mentioned in the email, for the purpose of confirming the components of the transfers in terms of the name of the beneficiary bank, beneficiary financial institution or beneficiary financial mediation institution and the beneficiary’s name and account number, and the attached documents.
  3. Not providing the “supplier” or any other party by email with any private financial information related to the name of the bank, financial institution or financial mediation institution that the individual/company deals with, the account number and balance and the transactions executed on it.
  4. Being wary of the phone call or email that requests financial information under the pretext of updating the individual/company’s personal and financial files.
  5. Abstaining from replying to any received email by clicking on the “Reply” option, and instead clicking on the “Forward” option and choosing the email address from the mailing list, because the name of the sender which appears in the email may not actually be his but may belong to a hacker who created a similar email. Any manipulation in the email address can be detected by opening the “Reply” option (without using it) and checking the identity of the sender.
  6. Confirming all the details of the email and paying attention to any suspicious email from an untrustworthy source that is similar to the “supplier’s” email.
  7. When sending emails to many persons, the email addresses should be put in the BCC section so that third parties don’t see and try to hack them.
  8. In the event of inability to contact the “supplier” using any of the agreed upon communication methods, there should be abstention from asking the bank, financial institution or financial mediation institution to make the transfer until confirmation of the validity of the instructions received or sent by email.
  9. Taking note that the bank, financial institution or financial mediation institution will abstain from making the transfer or executing any other instructions in the event of failure to contact the individual/company using any of the agreed upon communication methods to confirm the transfer request received by email.
  10. The necessity of using at least two emails:
    • The first for all correspondence related to money transfers with the bank, financial institution or financial mediation institution and making sure it doesn’t mention the Business Card.
    • The second dedicated for social media sites.
  11. Not using the same password for more than one email or website. In addition, a strong password should be used and changed constantly, with two-step verification activated. For example, the password should not contain the following:
    • Simple keyboard patterns, series of numbers or letters, or repeated letters (such as AAAa, 1234, abcdef, qwerty).
    • Words printed backwards, such as backwards=sdrawkcab.
    • Short, incomplete or misspelled words such as “Helo”.
    • Short consecutive words such as “Catcat”.
    • Words preceded or followed by a single character, such as “%hello” or “Apple3”.
    • Personal information (date of birth, name, surname).
  12. Being wary of incoming correspondence that includes suspicious attachments such as pif, shs, dif, vbs, bat, exe, com, cox, dll, scr, as they may contain malware.
  13. Updating the browser used on electronic devices regularly.
  14. Using the original version of the anti-virus and updating it constantly.
  15. Activating the email’s “Recent Activity” feature. In the event of any suspicion around this activity, the password should be changed immediately.
  16. Being wary of browsing the email over a public Wi-Fi.
  17. Keeping the information stored on a Mail Server for more than 3 months if possible.
  18. Abstaining from shipping goods to importing companies abroad prior to confirming the validity of payment instructions by phone using one of the agreed upon communication methods.
  19. Ensuring that insurance policies cover risks associated with the execution of financial and banking transactions via email.
  20. Being wary of the email that contains a Real Time Transfer request.
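
The password patterns listed under item 11 can be turned into a screening check at the point where a password is chosen. The following is an added example, not part of the original guidelines: it reports which of the listed patterns a candidate password matches. The word list, the keyboard rows and the function names are constructed for illustration; a real deployment would use a full dictionary.

```python
import re

# Constructed inputs (assumptions): a tiny word list standing in for a real
# dictionary, and the letter, digit and keyboard-row sequences to screen for.
WORDS = {"hello", "apple", "cat", "backwards"}
RUNS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")

def one_letter_short(s, words):
    """True if s is a dictionary word with one letter dropped (e.g. 'helo')."""
    return any(len(w) == len(s) + 1 and
               any(w[:i] + w[i + 1:] == s for i in range(len(w)))
               for w in words)

def weak_reasons(password, personal=(), words=WORDS):
    """Return the item 11 patterns that a candidate password matches."""
    p = password.lower()
    reasons = []
    if len(p) >= 3 and any(p in r or p[::-1] in r for r in RUNS):
        reasons.append("keyboard or alphanumeric sequence")
    if re.fullmatch(r"(.)\1+", p):
        reasons.append("repeated character")
    if p[::-1] in words:
        reasons.append("word spelled backwards")
    if one_letter_short(p, words):
        reasons.append("incomplete or misspelled word")
    half = len(p) // 2
    if len(p) % 2 == 0 and p[:half] == p[half:] and p[:half] in words:
        reasons.append("repeated short word")
    # A bare dictionary word is not listed on its own but is implied.
    if p in words or p[1:] in words or p[:-1] in words:
        reasons.append("dictionary word, alone or with one added character")
    if any(item and item.lower() in p for item in personal):
        reasons.append("personal information")
    return reasons
```

An empty result means only that none of the listed patterns matched, not that the password is strong.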

 

3. Correction Measures

Upon discovering, knowing or being informed of the occurrence of cybercrimes, fast and effective measures should be taken, including at least the following:

  1. Advising the bank, financial institution or financial mediation institution concerned immediately and providing them quickly with all the relevant information so that they can take the necessary action.
  2. Communicating with the “Supplier” on the adopted contact numbers to notify him of the perpetration or attempted perpetration of cybercrimes and drawing his attention to the necessity of contacting his clients by phone and letting them know that they may be subject to electronic hacking.
  3. Filing a lawsuit before the competent judicial authorities and keeping all digital evidence.
  4. Changing the password immediately.
  5. Making sure to preserve email correspondence, without deleting or altering it, so that it can be used in any investigation.
  6. It is better to go over all transactions with the “supplier” to make sure that he was not previously subject to other cybercrimes, and advising the bank, financial institution or financial mediation institution concerned of the result of this review.

In conclusion, all stakeholders in fighting cybercrimes are advised to periodically follow up on international developments, guidelines and best practices relevant to the matter, for the purpose of updating and improving the adopted procedures to put an end to this crime.