Social & Health Insurances SZV has recently been targeted by a seemingly international phishing scam. As a good corporate citizen, SZV takes this opportunity to warn businesses and institutions on island to be on the “lookout” for this. The scam took place via e-mail correspondence, where the scammers posed as a company insider that requests and approves financial transactions. The scam was of such a sophisticated nature that protocol was not breached. This lead to no initial suspicion of the action. SZV has since increased its ICT security measures as well as its banking protocols, which will now include additional manual checks.
SZV is aware that other local and regional entities have been targeted in similar scams. The scam has been reported to the respective authorities, an official police report has been filed as well and the FBI and other international agencies are being contacted for assistance. Due to the ongoing investigation, details cannot be disclosed at this time. Together with our bank, SZV is seeking to retrieve the money transferred. Internally, additional security measures are now in place for bank transfers. These measures include additional manual checks, which will lead to extending the payment processing time.
This is a Business Email Compromise (BEC) scam, a type of financial fraud designed to steal money from businesses and individuals. Typically, an attacker will impersonate high-level executives at a company and send phishing emails to employees requesting either a money transfer or sensitive data that can be used to commit fraud. Attackers research the organization to identify who to target (can make transfers) as well as who to impersonate (can make the request). The scam is not uncommon in the United States, Netherlands and the United Kingdom, however now seems to be targeting the Caribbean region more aggressively.