In what experts are calling ‘impersonation attacks’ specifically against large Jersey companies, businesses are being sent false invoices or payment requests that are identical to official versions, with the exception of the bank account details.
The attack is understood to be the culmination of months of work by organised criminals who monitored email exchanges and learnt to mimic the idioms and writing style of staff members to improve the credibility of their forged documents.
A similar attack against smaller Jersey companies last year is believed to have been an attempt by the criminals to ‘see how Jersey works’ before launching the recent wave of assaults on larger firms.
At least seven large firms in the legal and finance sector have been attacked and conned out of hundreds of thousands of pounds in the last few days.
It is understood that one firm lost nearly £800,000 in a single transaction after being supplied fraudulent bank details for a property deal. The firms have now contacted their banks and insurance companies.
The Jersey Financial Services Commission has issued a statement calling for all businesses and Islanders to be ‘extra vigilant’, as more attacks are expected.
Ricky Magalhaes, a director at cyber-security firm Logicalis, said that hundreds of fraudulent emails had already been sent out and his staff were working around the clock to help protect firms.
‘This is a specific attack against Jersey. I have seen this sort of thing elsewhere, in places like Poland, but this is the first time I have seen it here,’ he said.
‘We had a similar thing with a few smaller firms last year over here and it appears they were trying to learn how Jersey works before targeting the big firms.
‘They are trying to pressurise people into sending money by saying things like, “This property sale is going through on Friday. You need to send the money now” – so they know the Jersey system.
‘They are also saying things in emails like “How are you?”, “How are the kids?” or “Isn’t the weather nice?” – they have been studying how people communicate when dealing with each other and are targeting groups of firms which work together.
‘This is highly sophisticated.’
Mr Magalhaes said that the cyber-fraudsters were impersonating individuals within firms, their business partners and domain names.
‘With the domain names they are being very clever. What they will do is have very similar domain names and just change one letter,’ he said.
‘For example, I have seen in some cases they change from .com on the end to .corn, which is virtually impossible to spot. I have been in the business 20 years and I have been struggling to see these things.’
He added: ‘They have been sending people invoices which are identical to the real invoices but with only the bank details changed. They are targeting people, who they see as the weak link in the cyber-security chain.’
Mr Magalhaes said that at least £1 million had been stolen in just two cases he was dealing with, and many more attacks were being made. He urged any regulated firms to report breaches to the Jersey Financial Services Commission, even if they were reluctant to do so.
He added that educating staff to deal with cyber-fraud was the best way to prevent the impersonation attacks. It is unknown at this time which firms have been victims.