MANILA, Philippines - Cases of Internet fraud are on the rise worldwide, as IT-savvy individuals and groups make increasing use of the vast information accessible on the Web to siphon off large amounts of money from companies.
The warning came from Susan Kendall, a partner at Hong Kong law firm Baker & McKenzie who flew in to Manila recently to speak at a seminar on e-commerce.
Kendall said that as companies rely more and more on information technology to facilitate communication and transactions, they also become increasingly vulnerable to online criminal syndicates.
These groups commonly use phishing to fish for sensitive information and employ malware or ransomware to install spy cameras on computers to access crucial data, she said.
And once a company has been defrauded, there are many problems with taking civil and criminal recourse to recover stolen money.
For one, “it is difficult to pursue the fraudster,” said Kendall, since the person’s given identity is fake to begin with, there was no face-to-face meeting to pinpoint the culprit, and the perpetrator is likely located in a different country or even continent.
It is also oftentimes costly and time-consuming, requiring pressing charges in court, consulting lawyers, and coordinating with global law enforcement agencies.
Kendall suggests that companies focus more on prevention, and take steps to protect important data.
For one, check the sender’s email address carefully. “Beware of emails coming from personal or non-business accounts,” said Kendall.
There are also emails that imitate closely a company executive’s email address, so that the recipient is lulled into thinking that the email came from a superior, and thus is duped into sending the account number or password being requested.
“Be suspicious of unusual (money) transfer requests,” she added, especially email messages that demand urgent action or indicate that the instruction is strictly confidential and known only to top management.
A protective measure against such requests is to implement a policy requiring a waiting period for the release of sensitive data, she said.
Kendall also advises protecting the identity of staff members who have fund-transfer functions by not including their titles or responsibilities in the online corporate page.
“Be alert to unusual requests to confirm contact or personal details from external parties,” she added.
Practicing basic cyber security protocols will also help. These include updating security software, avoiding clicking on suspicious email attachments, and steering clear of potentially malicious websites.