The Office of National Drug and Money Laundering Control Policy wishes to issue a warning to the general public and to all businesses operating in Antigua and Barbuda.
The Agency has received a number of reports involving phishing scams where criminals lure victims into handing over valuable information such as credit card and bank account numbers, passwords and log on details, which are being used to steal funds from the accounts of individuals and businesses.
The Scam
You receive an email that looks like it comes from your bank asking you to log on and check your account. It appears legitimate, so you click on the link and enter your user ID and password into the website. By so doing, you have handed over your details to a fraudster who is able to take over your account.
The fraudster then makes contact with other individuals via email or social media offering them well paid jobs as mystery or secret shoppers which require them to pose as customers and use and evaluate the services of various money transfer businesses.
The individuals are informed that a deposit will be made to their accounts to carry out the “mystery shopping” job and they are to keep a portion of the deposit as payment. They are also given the instructions for the job which is to transfer of the balance of these funds to another jurisdiction. Having taken over your account, the criminal then accesses it and transfers your money to these mystery shoppers, who in turn take their portion of the proceeds and send the balance to the criminal.
The ONDCP urges all individuals and businesses to be particularly vigilant when divulging account information and passwords. It is essential that you verify whether email transmissions are emanating from your financial institution before entering sensitive information online. In addition to obtaining customer information, phishing scams are also used as a way to install viruses or malicious software on a computer. Once an individual clicks on a link in a phishing email, the virus is downloaded which will then alert the fraudster when his target accesses a secure site, such as internet banking. He is then able to view your accounts and perform transactions without you knowing they have accesses the online banking application.
Individuals who receive unauthorized account deposits are encouraged not to withdraw or to conduct any transactions with the funds but to immediately contact your financial institution and report what has transpired. Participation in this type of fraudulent activity, whether deliberately, negligently or by turning a blind eye may constitute facilitation of money laundering for which you could become criminally liable.
The general public and businesses in Antigua and Barbuda are reminded to take the following steps in securing your email and personal financial information:
- Protect Your Passwords and PINs. Change your passwords and PINs regularly and use a different password and PIN for each of your accounts. Use passwords and PINs that contain numbers and letters or symbols. Refrain from using easily accessible information (eg. Birth dates, phone numbers, addresses etc.)
- Maintain Your Computer Security. Have anti-virus installed on your computer, keep it up-to-date and do not open an e-mail from unknown sources.
- Use Your Own Computer. Avoid using public computers to access your bank account. Do not use unsecured networks when entering personal information. Businesses should use a computer that is dedicated for banking transactions and other important financial/accounting related information, and not allow this computer to be used for regular web surfing or e-mail.
- Log Out Completely. Always click the “log out” button to terminate your access to your financial institution’s website.
- Check Email Addresses. Carefully inspect the addresses from which emails are being received. There may be subtle variations that mimic an email contact’s legitimate address. For example, johnsmith@xyz.com is adjusted to john.smith@xyz.com
- Check Email Domains. Ensure that emails from your financial institution are being sent from the correct domain. For example, @ondcp-bank.com is adjusted to @ondcp-bank.net
- View Link Addresses. DO NOT CLICK LINKS BEFORE VIEWING. Instead, place the mouse over the links received in emails to view the full address of the link and to ensure that it does not redirect you to an unknown site.
- Contact Your Financial Institution. Call your financial institution at a verified telephone number before acting on email instructions.
- Be Prudent When Using Wireless Connections. Avoid using public connections and “hotspots” which increase the possibility that someone may intercept your information.
- Check for Secure Websites. When you access your account online, check to ensure that the log in page indicates that it is a secure site.
- Be Careful Downloading. Do not install software unless you know what it is and what it does and do not click on links in pop-up windows.
- Don’t Respond to Emails Requesting Personal Information. If your financial institution actually needs personal information from you or your statement, call the company yourself.
- Read Your Statements. Check your statement to make sure that all transactions shown are ones that you actually made or authorized.
- Secure Your Confidential Documents. Keep all your financial documents in a secure place, and be careful how you dispose of any documents with financial or other confidential information.
- Keep Your Contact Information Current. Ensure that your financial institution has your correct address and telephone numbers on file so that you may be contacted in the event that verification is needed
Further enquiries can be made to the ONDCP at the following numbers:
268-562-3255 or 268-562-3256