A new level of cyber fraud - keeping an eye on your money

March 2020 – An e-mail arrives from a long-term business partner’s e-mail address, informing of a change to their billing account number. The email appears to match familiar identifiers, such as the name, domain name, company name, etc. But, in reality, this address was established in another country by a “shell” company seeking to stealthily divert a legitimate payment to a bogus account. Such are the means by which companies can lose millions to scammers. Increasingly, tech-savvy criminals are using artificial intelligence-based software to imitate voices over the telephone, and even to make scam video calls using so-called “deepfake” technologies. Time to be even more careful with your money…

In 2018, the Czech Republic recorded 6,553 internet-related crimes. In Estonia, 965 cybercrimes were recorded last year. But this is really just the tip of the iceberg. Back in 2015, the Port of Tallinn fell victim to a cyber attack, when a ransomware virus encrypted a significant amount of the port’s business-related data. The port refused to pay the ransom, and although most of the files in question were recovered, certain data was nonetheless lost. The attack also proved to be a major embarrassment. One wayward click—and suddenly a port is at the centre of a cyber-attack storm. In January 2020, a hospital in the Czech town of Benešov made headlines when it fell victim to a cyber attack, leading to the encryption of its systems. A subsequent investigation discovered that the infected computers were prompting users to contact the hackers—albeit no specific ransom claim was ever made. The attack caused weeks of disruptions at the hospital and several crucial medical devices were also affected. Investigators believe that the computer virus may have lay dormant within the hospital’s systems for months before it finally activated.

Cyberattacks continue to become more sophisticated. Simple credit card phishing schemes are evolving into targeted—and thus dangerous—mass scamming operations. Phishing usually involves bulk emails sent to a large group of people. In 2019, a wave of spam e-mails was sent to Estonia, claiming that the recipient’s e-mail address had been taken over, and that embarrassing and obscene conduct had been captured by the user’s own web camera. The supposed solution to this predicament: avoid potential embarrassment by sending money to a specific Bitcoin wallet. But the general response by the Estonian recipients was unusually defiant—meaning that the architect of the ransom attempt was left with an empty wallet. Nonetheless, according to Fortune magazine, criminals around the world have made millions in Bitcoin wealth through such schemes. A wave of cyberfraud that hit Sweden back in 2013 falls into the same category. As part of this coordinated scam, thousands of Swedish citizens were sent bogus bills demanding payment for supposedly consumed internet-based pornographic content. In this case, the victims paid out many millions of crowns to the scammers.

Ordinary and relatively low-success mass spam mail phishing campaigns are designed to ensnare a multitude of individual victims. More advanced form of personalised “spearfishing” is believed to have an almost fifty per cent success rate for criminals. When the stakes are high, such criminals naturally devote more of their own resources to ensnare the intended high-reward victim. Only recently, we had a client that was a victim of a scheme in which a criminal network linked to a specific company was able to steal millions through scams; the network established itself in numerous parts of the world within a just a matter of weeks. Criminal methods continue to evolve and adapt in terms of ensuring the compliance of victims. A genuine-looking invoice is sent from a very similar-looking email address, containing the details of a bank account under the control of criminals. The victim is often also contacted via telephone, seemingly on standard day-to-day business. Considerable alertness is required to detect such carefully orchestrated scams. We have also seen examples of Estonian criminals directly targeting companies in their native country via deceptive identities. The same scheme is currently actively being used in the Czech Republic. To combat such scams, it is particularly useful to raise staff awareness via training, internal guidelines, and informing management of any sudden changes to the billing and invoicing details for long-term partners and clients.

In reality, absolute security can no longer be guaranteed, even through fact-checking and telephonic verification. This is because criminals have begun to use artificial intelligence-based technology to reproduce the voices of their victims. Indeed, they are now even able to make more-or-less credible video calls impersonating the facial appearances of people known to the intended victims. In 2019, the top executive of a UK energy company fell victim to such a trap. He believed that he was communicating with his immediate manager from Germany, who asked the executive to transfer EUR 240,000 to a Hungarian supplier. This was a meticulously planned scheme. As soon as the money was transferred, it was immediately broken down into smaller sums and sent to various accounts around the world, making it almost impossible to trace via standard police methods. We have also seen similar cases in Estonian banks. Time and again, eyebrows have been raised by how significant sums have been transferred by victims with such ease and with such apparent naïve good faith.

The classic model of cross-border law enforcement cooperation between nations is increasingly lagging behind the technical prowess of organised criminal networks. However, international cooperation between businesses can lead to the millions lost to such scams being recouped by victims. The key to such cases is prompt action and increased transnational cooperation.

This fight is undoubtedly being assisted by banking AML (Anti-Money Laundering) and KYC (Know Your Customer) rules. What is still needed, however, are rapid reforms to the process of international cooperation against cybercrime, including fostering greater international police cooperation. The tools that are currently in use for this fight resemble the archaic 20th century snail mail used by the diplomatic services. Today, it can still take more than a year to receive a response to an inquiry made to Cyprus, the UK or the Netherlands about what happened to money that has just been transferred to these countries, including details on the identities of the apparently fraudulent companies receiving such funds. By then the trail has usually gone cold. It is time for investigative toolkits to be updated to meet the needs of the 21st century.

Article wrriten by Zdeněk Kučera, Head of Litigation and TMT, Kinstellar's Prague office, and by Carri Ginter, Partner, Head of Litigation, Sorainen law firm, Tallinn.

    • SHARE