Cybercrime activities

Fiji Financial Intelligence Unit director Razim Buksh. Picture: SUPPLIED

Cybercrime activities continue to increase over the world with Fiji being no exception.

It is described as a very broad term which includes any crime that targets or uses a computer, internet, network device or network with the primary purpose of committing a cybercrime activity for a financial gain or loss.

The Westpac Bank recently reported an online fraud incident involving its Visa Debit cards and had to put a stop on all compromised cards. A Westpac spokesperson said the issue was picked up by their overnight monitoring team, so the fraud was contained and the amount nominal to their total volumes.

The bank’s spokesperson also said impacted customers were refunded while the bank pursued chargeback rights with overseas merchant/bank.

“To be clear, this was not a breach of security measures at the Westpac end. Cards can get compromised as a result of cardholders’ data being uplifted from vulnerable, unsecure online sites or through scheming devices placed at ATMs and EFTPOS. As this data is collected it is used by fraudsters to perpetrate fraudulent transactions.

“We have a number of processes and best practice solutions in place to help protect our customers and reduce incidents of fraud including CHIP technology and Westpac’s added online security enhancements.

“As we know, fraudulent activity happens frequently all over the world and even more so during this pandemic. Westpac continues to take action to protect its customers against fraud and scams that target the Pacific,” said the spokesperson.

Fiji Financial Intelligence Unit (FIU) director Razim Buksh said so far this year the unit had received 40 suspicious transaction reports on various scams including cybercrime type activities.

Money-mule accounts

Mr Buksh said in most cases, the FIU’s intelligence outcomes showed that Fijians had facilitated cybercrime activities through their “money-mule accounts”.

“We have established that international cybercriminals would normally try to develop a personal relationship with unsuspecting Fijians and convince them to either open a new bank account or apply for Visa Debit cards,” he said.

Mr Buksh explained that in such cases criminals gain the trust of these local individuals and convince them to send the Visa Debit cards to them in another country.

In the meantime, the criminals have started other schemes locally and abroad to defraud others through usual scams such as romance scams, investment scams, loan scams etc.

“These other victims either remit or deposit funds into the local money-mule account and the cybercriminal withdraws the money overseas immediately after the deposits are made.”

According to Mr Buksh the FIU has determined that tracing the identity of the cybercriminals are impossible as they would have used multiple identities when communicating with the mules and victims.

He said it was important to note that the sending of Visa Debit cards and providing of personal PINs to anyone apart from the account holder could breach the initial agreement between the customer and financial institution at the time of account opening and result in restrictions to the mules bank account to prevent the scam activity from happening again.

Credit Card scam – a case study by FIU

The FIU has also noted that Fiji has been used by foreign criminals to facilitate fraudulent credit card transactions and launder the funds in and through Fiji.

Mr Buksh said this was evident in the recent money laundering conviction of Hannan Wang in February 2021.

The case involved fraudulent electronic funds transfer point of sale (EFTPOS) activity exceeding $F700,000 (approximately $US350,000) whereby stolen credit cards were swiped through two fraudulently obtained EFTPOS machines by a syndicate of three foreign nationals.

The syndicate was in possession of approximately 500 stolen foreign credit cards.

Three foreign nationals were charged in Fiji under the Proceeds of Crime Act for money laundering involving credit card skimming activities.

They were tried before the Fiji Magistrates Court over the course of 2 – 13 October 2017 and over the course of 23 – 24 October 2017, 10 November 2017, 21 November 2017 and 24 November 2017.

The three individuals pleaded ‘not guilty’ in respect of the charges they faced. On 22 February 2019, the Fiji Magistrates Court delivered its judgment finding them ‘not guilty’ and dismissing the money laundering charges against the three individuals.

The DPP appealed the decision of the Magistrates Court.

In February 2021, the Fiji High Court ordered that:

1) The appeal be allowed;

2) The acquittal of Hannan Wang in respect of the first count of money laundering charges, be quashed and replaced with a conviction on the basis of being found guilty;

3) Hannan Wang be convicted for the first count of money laundering contrary to section 69(2)(a) and 3(a) of the Proceeds of Crime Act; and

4) Hannan Wang be remanded in custody and produced before the Fiji Magistrates Court for sentencing.

Hannan Wang was sentenced in April 2021 to a custodial term of 5 years and 10 months imprisonment with 4 years as non-parole.

Hannan Wang appealed his conviction in September 2021, however, this was dismissed by the Court of Appeal.

Anti-money laundering (AML) preventive measures

Mr Buksh said financial institutions covered under the FTR Act were at the forefront of the battle against financial crimes in Fiji.

These institutions support the FIU by implementing preventative measures aimed at ensuring the safety and protection of their customers and their funds.

He said some of these measures included Customer Due Diligence (CDD), monitoring of accounts or transactions and reporting transactions to the FIU under the FTR Act.

He explained that CDD was undertaken when a person first entered into a business relationship with a financial institution, such as when opening a bank account and during the CDD process, the financial institution will seek to establish the identity of the customer, the nature/ type of the account, nature of business activity undertaken and source of income.

According to the FIU these CDD processes are to ensure that financial institutions know their customers and are not meant to be a hindrance to people accessing bank accounts and other financial services but a means to ensure that the financial institution is able to detect any suspicious or unusual transactions, and prevent such transactions from happening.

Information collected during the CDD process is used by financial institutions to monitor accounts and customer transactions and transactions that do not match the known personal background of the accountholder (example business type deposits into a personal account) are flagged and subject to great scrutiny for possible reporting as a suspicious transaction to the FIU.

Further to that, Mr Buksh said persons or entrepreneurs engaging in business activities must ensure that they declare this information to the bank when opening a bank account.

“The bank must have up-todate information on an existing customer. FIU’s anti-money laundering preventive measures are not aimed at restricting people’s access to financial services. These measures are aimed at preventing people from abusing financial services and products for laundering, hiding and  storing proceeds of illegal activities.”

Some tips to detect scams and fake online proposals

1) Always double check the name and particulars of sender of email or person you are communicating with on the online platform. You can be easily tricked as email addresses can be easily spoofed and the domain name could have slight spelling alterations to trick you.

2) Typos and spelling errors can be a good indication that the message you are receiving is not genuine.

3) Do not share personal and sensitive information without thinking twice. For example, a bank will never ask for personal information over an email. You should call your bank directly to ascertain if an email is genuine
or not.

4) Be careful with messages that require you to act urgently or asks you to take immediate action. For example, the online offer/discount will expire in 24 hours, or send cash immediately to secure the deal.

5) Do not click on any link button, icon or URL. The displayed text may not match the actual URL link – hover over any displayed link button, icon or URL and if does not match the website of the sender or seems strange, do not click.

6) Attachments can be dangerous, especially if the sender is unknown and the download looks suspicious.

7) Is it too good to be true? If it sounds too good to be true, chances are it is! It is merely to attract your attention and tempt you to take action. It is definitely fake; beware of such fake offers, proposals, investments, rewards, lotteries, parcels, etc.

8) Remember, you cannot win a lottery if you never participated. It’s simply a fake lottery win notification, just ignore such messages.

9) Do not fall for unsolicited or unknown online internet-based jobs, they are a scam, they will recruit you either as a money-mule or they will simply ask you to send some money.

10) Do not share your personal information online with anyone you don’t know or trust, particularity on unsolicited web links. Keep your personal and banking details secure.

11) Remember that online fraudsters will do and say anything to scam you and take your money. You can be the next online victim so please exercise due care.

12) Do not send money or give credit card details to anyone you don’t trust.

13) Ensure that your devices up to date. Regularly check for your antivirus and software updates.

14) Check your online accounts regularly (to ensure that no changes have been made without your knowledge).

More Stories