The Office of National Drug and Money Laundering Control Policy wishes to issue a warning to the general public and to all businesses operating in Antigua and Barbuda.

The Agency has received a number of reports involving attempts to steal funds from  the accounts of individuals and businesses  by fraudsters through email instructions which are being sent to domestic and offshore financial institutions.

Further investigation into these reports has revealed that either the client’s legitimate e-mail address which has been hacked or some permutation of that address is used to make contact with the financial institution to request the transfer of funds. Typically, the beneficiaries of these funds located in Malaysia, Hong Kong, China, the Philippines, Mexico and the United States of America.

In instances where the e-mail addresses were altered, the modifications were generally made by inserting an additional character to the existing user name. For example, johnsmith@xyz.com is adjusted to john.smith@xyz.com or john-smith@xyz.com or johnssmith@xyz.com . Domain name modifications also being utilized are, for example, from johnsmith@xyz.com to johnsmith@xyz.net.  The variations can be very subtle and may be easily mistaken for the legitimate account holder’s official e-mail address on file.

The Director of the ONDCP, who is also the Supervisory Authority to financial institutions with respect to Anti-Money Laundering and Counter Terrorist Financing, urges all financial institutions that engage with clients through e-mail channels to be particularly vigilant when acting upon email instructions from their clients. Financial institutions are encouraged to review internal systems to ensure that adequate procedures are in place with regards to payment instruction, authentication and validity.  The establishment of appropriate validation procedures including customer call back confirmations and test question criteria and the performance of proper customer identification and verification processes is also recommended.

It is essential for institutions to enhance awareness among your staff of this fraudulent activity. The general public is also being reminded of the potential financial consequences of a compromised email account, including identity theft and theft of your money, and should employ various measures in order to safeguard your assets. If you discover that your email account has been hacked, you should notify your financial institution and check your accounts for any unauthorized transactions. Be sure to change your username, password and PIN for your financial accounts and also change your password to your email account.

The general public and businesses in Antigua and Barbuda are advised to take the following 12 steps in securing your email and personal financial information:

1. Protect Your Passwords and PINs.  Change your passwords and PINs regularly and use a different password and PIN for each of your accounts. Use passwords and PINs that contain numbers and letters or symbols. Refrain from using easily accessible information (eg. Birth dates, phone numbers, addresses etc.)

2. Maintain Your Computer Security. Use personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) if you engage in online financial transactions.

3. Use Your Own Computer.  Avoid using public computers to access your bank account.

4. Log Out Completely. Always click the “log out” button to terminate your access to your financial institution’s website.

5. Be Prudent When Using Wireless Connections. Avoid using public connections and “hotspots” which increase the possibility that someone may intercept your information.

6. Check for Secure Websites. When you access your account online, check to ensure that the log in page indicates that it is a secure site.

7. Be Careful Downloading.  Do not install software unless you know what it is and what it does and do not click on links in pop-up windows.

8. Don’t Respond to Emails Requesting Personal Information. If your financial institution actually needs personal information from you or your statement, call the company yourself.

9. Read Your Statements. Check your statement to make sure that all transactions shown are ones that you actually made or authorized.

10. Secure Your Confidential Documents. Keep all your financial documents in a secure place, and be careful how you dispose of any documents with financial or other confidential information.

11. Check Email Addresses. Carefully inspect the addresses from which emails are being received. There may be subtle variations that mimic an email contact’s legitimate address.

12. Keep Your Contact Information Current. Ensure that your financial institution has your correct address and telephone numbers on file so that you may be contacted in the event that verification is needed.

The ONDCP will continue to issue warnings to the general public and businesses as it relates to incidents of possible fraud and money laundering threats to Antigua and Barbuda.