OPEN's overseas procurement pitfall: a reminder to peers to stay alert to fraud
2025-05-30 10:43

A carefully planned 'cloned mailbox scam': when finance pressed the transfer button, nobody expected the money to vanish without a trace...
How it happened
Lurking: hackers spying in the dark for three months
One of OPEN's overseas projects needed to purchase some raw materials locally, so headquarters and the local supplier finalised the purchase details by email. Because of the language barrier nothing was verified by phone; every exchange went through email alone, which left an opening for the fraudsters.
Real and fake accounts 'swapped'
The fraudsters, using what the report calls 'mail hijacking technology', replicated the supplier's mailbox by changing a single character in the domain name (the digit 0 disguised as the letter o) and sent an 'urgent notice' that the collection account had changed. The finance department noticed nothing unusual because the account holder's name was identical to the supplier's, and tens of thousands of euros were paid directly into the fraudster's account.
Ambush
To extend the fraud, the fraudster went on to register the domain name '0pen-joist.com' (the real one is open-joist.com) in an attempt to run the scam in reverse: impersonating OPEN in order to defraud the supplier. Fortunately the IT department spotted an anomalous sending IP address on the email and requested an urgent freeze on the funds, averting a second loss.
Guide to avoiding pitfalls (the scammers are in the dark, but the loopholes are always in the OPEN!)
The law of detail control
Domain name magnifying glass: when you receive an email, check the domain name first. Be wary of look-alike substitutions such as l→I, 0→o and rn→m (case in point: the scammer used 0pen to impersonate open).
Account change life-and-death line: any change of bank account must be confirmed by video conference plus a sealed written confirmation. An email notification on its own is never sufficient.
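As an added illustration of the 'domain name magnifying glass' check (this is example code written for this page, not something from the original article or from OPEN), the Python script below extracts the sender domain from a From: header, collapses the confusable characters named above (0/o, l/I, rn/m, plus a few other common ones) into a common 'skeleton', compares that against an allow-list of known supplier domains, catches one- or two-character typos with an edit-distance check, and also flags a Reply-To that points somewhere other than the From domain. The allow-list, the two sample header sets, the edit-distance threshold of 2 and the function names are all assumptions made for the example.

```python
from email.utils import parseaddr

# Constructed allow-list of known supplier domains (an assumption for this example).
TRUSTED_DOMAINS = {"open-joist.com"}

# Visually confusable substitutions. The page's own examples are 0->o, l->I and
# rn->m; a few other frequent ones are added. Multi-character pairs come first so
# that "rn" is collapsed before the single characters are rewritten.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("i", "l"), ("|", "l"), ("5", "s"),
]

# Look-alike domains at or below this edit distance from a trusted one are flagged
# (threshold chosen for the example; tune it for your supplier list).
MAX_EDIT_DISTANCE = 2


def skeleton(domain: str) -> str:
    """Map a domain to a form in which look-alike characters coincide."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; catches typosquats such as a dropped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header_value: str) -> tuple[str, str]:
    """Return (verdict, domain) for a From: or Reply-To: header value.

    Verdicts: 'trusted', 'lookalike', 'idn' (punycode label, needs manual
    review because the ASCII table above cannot judge it), 'unknown', 'reject'.
    """
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ("reject", "")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    if any(label.startswith("xn--") for label in domain.split(".")):
        return ("idn", domain)
    sk = skeleton(domain)
    for trusted in TRUSTED_DOMAINS:
        if sk == skeleton(trusted) or levenshtein(domain, trusted) <= MAX_EDIT_DISTANCE:
            return ("lookalike", domain)
    return ("unknown", domain)


def check_headers(headers: dict) -> list:
    """Run the sender checks over a message's headers and return findings."""
    findings = []
    verdict, from_dom = classify_sender(headers.get("From", ""))
    if verdict != "trusted":
        findings.append(f"From domain {from_dom!r}: {verdict}")
    reply_to = headers.get("Reply-To")
    if reply_to:
        _, rt_dom = classify_sender(reply_to)
        if rt_dom != from_dom:
            findings.append(f"Reply-To domain {rt_dom!r} differs from From domain {from_dom!r}")
    return findings


# Constructed sample headers (not real messages): one genuine, one modelled on the
# scam described above, with the display name copied from the real supplier.
LEGIT_HEADERS = {"From": "Accounts <accounts@open-joist.com>"}
SCAM_HEADERS = {
    "From": '"OPEN Joist Accounts" <accounts@0pen-joist.com>',
    "Reply-To": "payments@mail-relay.example",
}

if __name__ == "__main__":
    for name, hdrs in (("legit", LEGIT_HEADERS), ("scam", SCAM_HEADERS)):
        print(name, check_headers(hdrs) or ["no findings"])
```

The skeleton comparison is what catches the '0pen' case: both '0pen-joist.com' and 'open-joist.com' collapse to the same string, so a finance clerk does not have to spot the digit by eye. The ASCII table only covers Latin look-alikes; domains using other scripts (Cyrillic 'о' for Latin 'o', for instance) arrive as punycode 'xn--' labels and are routed to manual review here, and a full implementation would use the Unicode confusables data from UTS #39.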
Iron law of cross-border communication
Language barrier: use translation software plus a third-party notary. Even if all you can manage is 'Hello, can you confirm the bank account?', verify by phone.
Establish a two-person review system: business, finance and legal cross-check one another whenever a payment is made.
Technical defence wall
Change passwords regularly: important email passwords should be changed every month.
Regular anti-virus scans: use anti-virus tools regularly to scan for suspicious attachments and phishing programs.
Industry reflection
Statistics
Global B2B email fraud losses exceeded $12 billion in 2023, with SMBs accounting for 67% of the total (source: Cybersecurity Ventures).
Achilles' heel
Over-reliance on email and neglect of cultural differences (for example, Eastern European countries prefer to communicate in the local language).
Reader's action list
1. Check your partners' domain names for spoofing.
2. Forward this article to your company group and draw up a Cross-Border Payment Security SOP.
Fraud techniques will keep escalating,
but vigilance must never drop!