Beirut – Fall 2015

 

 

Special Investigation Commission

Cyber Crimes

OverviewOverview

During the period extending between 2014 and till date, the SIC received approximately 35 STRs and 80 requests of assistance concerning acts of piracy conducted through the internet that led to the withdrawal or the attempted withdrawal of funds from accounts of natural and legal persons at banks and financial institutions operating in Lebanon, out of which the following two cases:

11stst Case Scenario (1) Case Scenario (1)A local bank reported the following:

On 19/12/2014, the bank executed a transfer for EUR/48,000/ based on a request received from the e-mail of a local company to wire the funds to an account at a bank in a European country.

Shortly thereafter, the bank received another request bearing the signature of the company’s legal or authorized representative to wire the funds to a an account at a bank in another European country.

11stst Case Scenario (2) Case Scenario (2)Subsequently, the bank executed the transfer in accordance with the instructions received through the 2nd request.

When the foreign exporting company did not receive the funds, it notified the local company. It was revealed that the amended request (2nd request) was received by the local company from an unknown person who had used the e-mail of the foreign company, and presented himself as the manager of the company and as such the trick deceived the local company.

Hence failure to adopt proper Due Diligence procedures may lead to a financial damage.

SIC DecisionSIC DecisionSought the assistance of concerned counterpart FIU to do the following:•Provide the full identification details of the name of the account holder to which the funds were wired.•Provide police / judicial records•Identify partners/ business associates of the beneficiary abroad and in Lebanon•Freeze the concerned bank account, in case the funds were not yet withdrawn.Sought the consent of concerned FIUs to disseminate any information that they may provide in this regard to the DISF and GP office.

22ndnd Case Scenario (1) Case Scenario (1)

A local bank reported the following:

On 10/2/2015, the bank received an e-mail from a customer, to which was attached a file containing written instructions bearing the customer’s signature to execute a transfer for USD /220,000/ to a foreign bank account pertaining to a legal person.The bank’s suspicion rose due to the following:

22ndnd Case Scenario (2) Case Scenario (2)The customer has never executed in the

past transfers having a commercial nature.

He has never sent in the past similar instructions through his e-mail .

The purpose of the transfer is not clear.The customer’s account reflects an

insufficient balance; knowing that he follows upon his accounts properly and is aware of their balances.

22ndnd Case Scenario (3) Case Scenario (3) Since the bank’s procedures stipulates that

all payment instructions should not be processed unless verified in writing or over the phone, irrespective of the value of the transfer, the bank contacted the customer who confirmed neither having signed nor sent the instructions through his e-mail.

Subsequently, the CDD measures uncovered the scheme that could have led to a financial damage.

SIC DecisionSIC Decision

Provided the information contained in this report to the concerned FIU

Gave its consent to the said FIU to disseminate the information to the local police for intelligence purposes only.

CybercrimesCybercrimesIn light of the SIC strategic analytical function, we conducted a review of the cases on a consolidated basis, where it was revealed that they could be summarized in three categories.

11stst Category CategoryInvolves the presence of an unknown individual who infiltrates the e-mail of a customer of a bank or establishes a seemingly similar e-mail to contact the bank to execute an outgoing transfer from the customer’s account to an account selected by himself; in turn, the bank undertakes the ordinary due diligence measures and executes the requested transfer; later on, the bank realizes that it is a victim of fraud and piracy.

22ndnd Category CategoryInvolves the presence of an unknown individual who infiltrates the e-mail of an exporting company with which the customer deals or establishes a seemingly similar e-mail to that of the said company to contact the customer to execute an outgoing transfer to an account selected by himself against merchandise or service rendered; in turn the customer executes the requested transfer to realize that he was a victim of fraud and piracy.

33rdrd Category CategoryInvolves the presence of an unknown individual who infiltrates the e-mail of a customer of a bank or establishes a seemingly similar e-mail to contact a foreign importing company (imports merchandise from the customer), asking it to execute an outgoing transfer from its account to an account selected by himself against the purchase of imported merchandise; later on, the foreign importing company realizes that it is a victim of fraud and piracy.

Examples Indicative of CybercrimesExamples Indicative of CybercrimesReceipt by the bank of an e-mail seemingly similar

to that of the customer in which the sender requests to execute a transfer to the customer’s account or to a third party account in a foreign country.

E-mail sender pretends to be in a hurry or to have an urgent matter or to have changed his banking account and can not be reached by phone or fax.

Receipt by the bank of an e-mail from the customer in which he requests to execute a transfer to an account other than that of the company that he regularly deals with.

Examples Indicative of CybercrimesExamples Indicative of Cybercrimes

Receipt by the customer of an e-mail seemingly similar to that of the company that he regularly deals with in which the sender requests to execute a transfer to an account other than that of the company.

Receipt by the customer of an e-mail from the company that he regularly deals with in which the sender requests to execute a transfer to a third party bank account against the purchase of merchandise from the said company.

Examples of Seemingly Similar E-mailsExamples of Seemingly Similar E-mails

If we assume that the actual e-mail is Claire.fg1@gmail.com, seemingly similar e-mails could be as follows:Claire.fq1@gmail.comClaire.fgl@gmail.comCliare.fg1@gmail.comClare.fg1@gmail.comOthers

Suggested CCD MeasuresSuggested CCD Measures Maintain a Global Address List or a list of Maintain a Global Address List or a list of

the e-mails of your customers on your the e-mails of your customers on your computer.computer.

Always initiate a new e-mail by referring to Always initiate a new e-mail by referring to the listthe list

Never make a reply to an e-mail, even if you Never make a reply to an e-mail, even if you identify your customer as the e-mail sender.identify your customer as the e-mail sender.

Pay attention to any discrepancy between Pay attention to any discrepancy between the e-mail address of the customer and that the e-mail address of the customer and that of the senderof the sender

Pay attention to any grammatical mistakes Pay attention to any grammatical mistakes (i.e. god day instead of good day, etc…(i.e. god day instead of good day, etc…

Suggested CDD MeasuresSuggested CDD Measures Usually the e-mail letter is addressed in Usually the e-mail letter is addressed in

general and not to any specific person (i.e. general and not to any specific person (i.e. Dear staff member, or Dear customer…)Dear staff member, or Dear customer…)

Pay attention to any change in the payment Pay attention to any change in the payment instructions.instructions.

Never execute instructions to wire money Never execute instructions to wire money out of your customer’s account without out of your customer’s account without confirming said instructions by a telephone confirming said instructions by a telephone call.call.

Phone confirmations should be made by Phone confirmations should be made by staff who knows your customers and most staff who knows your customers and most often speaks to them over the telephone.often speaks to them over the telephone.

Suggested CDD Measures Suggested CDD Measures Always send a carbon copy of your e-mails to Always send a carbon copy of your e-mails to

your supervisor to warrant dual control.your supervisor to warrant dual control.

Allow your system to generate automated carbon Allow your system to generate automated carbon copies of your e-mails to your supervisor to copies of your e-mails to your supervisor to warrant dual control.warrant dual control.

Consider to do the following before the execution Consider to do the following before the execution of the transfer:of the transfer:

Either notify your customer via SMS text Either notify your customer via SMS text messagemessage

Or ask your customer via SMS text message to Or ask your customer via SMS text message to contact you to verify the authenticity of the contact you to verify the authenticity of the transactiontransaction

Suggested Due Diligence Suggested Due Diligence Measures Measures

Obtain senior management approval before Obtain senior management approval before executing transfers that exceed a certain executing transfers that exceed a certain designated threshold.designated threshold.

Ensure that insurance policies pertaining to the Ensure that insurance policies pertaining to the bank cover the risks associated with such bank cover the risks associated with such transactions.transactions.

Suggested Due Diligence Suggested Due Diligence Measures Measures

Notify customers to refrain from executing Notify customers to refrain from executing transfers to foreign exporting companies transfers to foreign exporting companies or or from the shipment of merchandise from the shipment of merchandise to to foreign importing companies before foreign importing companies before

confirming, via a telephone call, confirming, via a telephone call, thethepayment instructions payment instructions dispatched or dispatched or receivedreceived through through the e-mail. the e-mail.

THANK YOUTHANK YOU