(MENAFN- AzerNews) The former CEO of Cisco Systems, John Chambers, once famously
stated: 'There are only two types of companies: Those that have
been hacked and those that don't know that they have been hacked'. Be it
for cross-border or national transactions, web-dependency of
commerce is booming, which makes businesses increasingly vulnerable
to cyber-enabled crime. Amid a growing number of new cases almost
daily, various organizations around the globe have been issuing
recommendations for governments on actions to be taken to combat
cybercrime. Meanwhile, since May 2021 the United Nations
member states have been negotiating an international treaty on
countering cybercrime, and 156 countries have enacted their own
cybercrime legislation at the national level.
However, the above measures, despite being meant to serve the
greater good, are not enough to protect businesses from becoming
the next victim, because advanced technology is catalyzing
cyber-enabled crime and criminal syndicates are organized as well
as decentralized in structure. Business organizations are to a
great extent suffering from cyber-enabled fraud ('CEF'), one
of the most viral types of cybercrime along with theft.
Types of CEF that businesses should beware of
The Financial Action Task Force (FATF), among others, focuses on the following
types of cyber-enabled criminal activities, which are more likely
to occur where businesses are exposed:
Business Email Compromise (BEC) fraud: Victims receive email
instructions that purport to be from their clients or suppliers
asking victims to transfer funds to new payment accounts. A
prominent client ('Client') of our firm fell victim to this scam
and wired payments to the wrong bank account in UAE. The
intruder(s) had accessed the server of the supplier in UAE and
modified the content of an email exchange between the
parties. In the end, the cybercriminal(s) were able to withdraw
the full amount that was channeled by the Client from their bank
account and vanish. More and more BEC fraud cases are being
reported from various business industries in Azerbaijan.
Phishing fraud: Victims are deceived into revealing sensitive
information such as personal data, banking details, or account
login credentials. This information is used to funnel the victim's
funds from their payment accounts, open new payment accounts, or
make fraudulent transactions. In most cases, the criminals send
emails to business entities and request information to participate
in attractive but bogus biddings, etc.
The immediate steps
Notifying the originating bank
In case of any CEF or attempted CEF, businesses should
immediately contact the bank holding the payment account
('Originating Bank') and notify it of the completed or
attempted CEF. Where the wrongfully
transferred amount has not yet been withdrawn or transferred to another
account, the bank might be able to alert the intermediary bank
and the beneficiary bank to block the anticipated withdrawal or
transfer.
Local law enforcement
This year the government of Azerbaijan established the Main
Directorate for Combating Cybercrime under the Ministry of Internal
Affairs. The specialized cybercrime unit is staffed with skilled
experts to investigate cyber-enabled crime. It is vital for
businesses to report any crime or attempted crime. This is
also important for regulatory compliance. Hence, the police report on the cybercrime
must be submitted to the Central Bank of the Republic of Azerbaijan,
considering that once the two-year
deadline expires, an administrative penalty will be initiated against the
business that failed to declare goods (services) to the customs
authorities.
Law enforcement and FIUs of the country where the crime was recorded
If cybercrime occurs due to a leakage within the vendor's
infrastructure that resides abroad, businesses should file
complaints with law enforcement and Financial Intelligence Units of
the same country. This was the case with the Client, where our firm
submitted a report to law enforcement, various FIUs, and even the
Central Bank of the UAE to accelerate the investigation.
Downsides
Despite implementing enhanced security measures, banks alone
cannot provide sufficient safeguards to prevent CEFs. None of the
originating, intermediary, and beneficiary banks that processed the
transaction initiated by the Client was able to detect the
fraudulent invoice and prevent the withdrawal of cash by the
intruder(s) in UAE. Inasmuch as cyber-enabled fraud cases often
involve more than one jurisdiction, one question to be addressed is
where the criminal investigation will be opened. National law
enforcement declined to launch a criminal case on the basis of the
Client's report, since it became evident that the CEF had not taken
place in Azerbaijan. Nor does the law enforcement of UAE open any
investigation until the victim personally files a
criminal complaint in UAE.
Recommendations
We recommend that businesses consider taking the following measures:
To include robust indemnity clauses within agreements with the
vendors that will oblige them to increase cybersecurity measures
against criminal syndicates.
To multi-verify the vendor's bank
account details with the beneficiary bank, and the vendor through
means other than the possibly compromised email.
To regularly train
employees on phishing fraud, multi-verification processes, and
measures to prevent cyber-enabled fraud.
To build advanced
cybersecurity infrastructure, including by involving a
third-party IT security consultant.
Victim reporting. In BEC and
phishing frauds, the victims discover relatively quickly that
they have been defrauded, since the counterparty begins to question the
payment. Victim reporting to relevant authorities is important
considering that it might help to trace the criminal proceeds and
possibly to recover the loss.
About the author
Ruslan Bayramov is a Founding Partner at Legalize Law Firm. He
specializes in corporate law, eCommerce, and AML/CFT Compliance.
Ruslan advises clients on asset recovery following
cyber-enabled fraud. For further info about the author and Legalize
Law Firm please visit