The Hushpuppi Saga is a trending story that many people have shared severally on different social media platforms around the world. It had also generated a lot of controversies. However, we need to ask ourselves a very important question about this trending story.
Why is it that so many victims fell for the scam?
The answer is simply because the defrauded victims had little or no knowledge about "Business Email Compromise Scam" which was the strategy used by Raymond Abbas aka "Hushpuppi" for the affected victims.
What is Business Email Compromise?
Business Email Compromise (BEC) is a kind of fraud in which cyber criminals hack into a corporate email account and impersonate the real owner of the email account in order to lure the company, its employees, partners or customers into transfering money or sensitive information to the cyber criminals or divert their payments to another account created by the cyber criminals.
How it works:
The cyber criminals will do a thorough research about the unsuspecting company's email address through their profiles, websites, social media posts, YouTube channels, journals, press release etc.
Alternatively, they will create an email address that is very similar to that of the unsuspecting company's email address. In some cases they will disguise as the director, partner, lawyer or customer of the targeted companies and use their identities to obtain personal or sensitive information through email.
Research revealed that Business Email Compromise Fraud had already cost the United States Businesses at least $1.6 billion in losses from 2013 till date.
A typical example of a Business Email Compromise (BEC) was recently reported in the news and had gone viral on social media with thousands of views within few days of the report. In the report, a 38-year-old Nigerian, Raymond Abbas aka Hushpuppi was arrested along with 11 others by the Dubai Police. They were accused of being involved in a "Business Email Compromise" and other forms of internet fraud in which 1,926,400 victims were said to have been targeted by the syndicate.
The major reason why so many unsuspecting individuals and companies fall victim to Business Email Compromise Fraud almost every day is because they lack vital information about it.
How can you protect yourself or your company against Business Email Compromise (BEC) Scam?
You must educate yourself about the warning signs and other safety tips.
Warning Signs of a Business Email Compromise Fraud:
1. It comes with a sense of urgency. e.g. urgent payment, urgent response, urgent subject matter etc. The fraudsters want their victims to respond quickly before they can think clearly.
2. Sudden change in email address. e.g. When you notice a sudden change in the email address of the CEO, customer, lawyer or staff of the company you are dealing with, be suspicious.
3. Sudden change in website: When you notice a change in the website of any company before, during or after a transaction, you should be suspicious.
4. Sudden change in contact telephone number.
5. Sudden change in bank account details.
6. Introduction of third party email into the business transaction.
How to avoid Business Email Compromise Fraud:
1. Individuals and companies should educate themselves on how to avoid Business Email Compromise Scam.
2. When a change in email address, phone number, bank account details, website etc is noticed, report immediately to your bank or anti-fraud agencies.
3. Always use firewall, antivirus and other tools to scan your computers, mobile phones and other devices to prevent malware infections.
4. Before you provide any sensitive, personal or company's information on any website, make sure you verify the authenticity of the website.
5. If you receive an email that notifies you of a change in the mode of payment or a change of bank account details, make sure you investigate thoroughly by contacting the supposed receiver of the payment via another channel. e.g. phone calls, courier services etc.
6. If you are a victim of Business Email Compromise Scam, report immediately to appropriate authorities for urgent action. e.g. your bank, police or anti-crime organisations.
BY Rotimi Onadipe
CEO - Onadipe Technologies,
National Coordinator - Internet Abuse Awareness & Prevention Project, Nigeria.