Caution Notice to Corporate Customer using Bank’s Remittance Service
Incidents of BEC (Business Email Compromise) fraud are repeatedly detected, i.e. a victim’s email is hacked, the victim is fraudulently requested by an identity thief’s business email to arrange a remittance of funds, and is defrauded of the funds.
If such a remittance has been completed, it is very hard to get a refund of the funds because in many cases the fraudsters have already withdrawn or transferred them.
In order not to fall victim to BEC fraud, please be informed of the explanation as follows.
1. Methods of BEC frauds
Type 1: Identity Thief pretending to be your Business Partner
A fraudster becomes an identity thief pretending to be your business partner, sends email(s) that notify you of “Changing Bank Detail (e.g. Bank’s name, Country’s name where the bank is located, Payee’s name, etc.)” and instructs you to complete arrangement of a foreign remittance to the bank account notified.
<Case study>
Company A (A, hereinafter), a wholesaler handling steel related parts, purchases raw materials e.g. iron ore from Company C (C, hereinafter) in Asia. One day, late at night, A’s accountant first received an email that seemed to be sent by C. It said, “Our email address had been changed”, “Our bank account that we have been occasionally using for receiving payment from our customers had been suspended for some reason”, and “New bank details are to be informed”. The next morning, the accountant received a second email saying “New bank details are written as follows (Note: Bank name in Europe and its account number was mentioned there). Please complete your remittance of payment for the concerned contract very urgently”. At once, within the day, the accountant applied for foreign remittance. Then, the fund transfer was completed. One week later, the genuine C inquired of A about the payment for the concerned contract. At that time, A detected the possibility of fraud for the first time. Although A tried to retrieve the funds as rapidly as possible, the funds had already been withdrawn by the fake C, the fraudster.
Type 2: Identity Thief pretending to be your company’s executive or corporate lawyer
A fraudster becomes an identity thief pretending to be your company’s executive or corporate lawyer. When the genuine executive or lawyer is away from the office, a fraudulent email instructs you to complete arrangement of a foreign remittance to the bank account notified. In many cases, such an instruction emphasizes that the remittance is “very urgent” and/or “strictly confidential”.
<Case study>
Company B (B, hereinafter) is a trader. One day, while Mr. T, B’s CEO, had been away from the office on a business trip since last Monday, B’s accountant received an email. It said, “This is your company’s corporate lawyer appointed by Mr. T, your CEO. At the moment, a certain M&A is being studied confidentially, and to be closed. Please send funds for acquisitions urgently. This matter must be handled secretly.” The accountant, seriously following the “lawyer’s” instructions, applied for foreign remittance without sharing the matter with anyone in B. Then, the funds were transferred. One week later, when Mr. T, B’s CEO, came back to the office from the business trip, he said that he did not have any knowledge of the M&A. At that time, B detected the possibility of fraud for the first time. After all, B had a huge amount of funds stolen and was damaged.
[Figure: flow of a BEC fraud. Labels: Country A, Country B, Country C, Country F; Victim; Victim's Business Partner; Your Company; Bank; Fraudster; Fraudster Bank; Fraudster's Collaborator; Hacking Email; Instructions; Email Request; Reply by email. Note in figure: Do not reply by "Reply", but by "Forward" after filling "typed" right email a]
What is BEC (Business Email Compromise) crime?
<Answer>
Fraudsters hack their target’s email communication and learn the relationships and background around the target. Next, they become identity thieves pretending to be a concerned party, e.g. a business partner, and defraud the target of funds by means of fraudulent emails, i.e. Business Email Compromise.
2. Preventive measures against BEC crime
In many cases of BEC incidents, the victims’ PCs or systems had been infected and hacked.
1. Reviewing your security measures
a. Check your internal information security environment, including PCs, network, various communication tools, etc.
b. Communicate with your business partners via more secure methods, such as using encoded attachments, using electronic signatures, etc.
2. Ensuring confirmation with your concerned party(s)
a. Make direct communication, e.g. by telephone, if notified by email of “The change of Bank Details”.
b. It is better to reply by “Forward” than by “Reply” when you cannot help making confirmation by email.
c. Avoid a staff member’s independent judgment if given instructions for a “Confidential” or “Urgent” remittance.
3. Reviewing your fund management framework
a. Review fund management authorities for situations when the representative is absent;
b. Establish an internal check framework, such as requiring two persons’ signatures.
<What is emphasized, in order not to be defrauded>
When you make confirmation, it is recommended to avoid email. Direct communication, e.g. by telephone, is a safe way to confirm.
If you cannot help using email, it is better to reply by “Forward” than by “Reply”.
[Figure: two panels, each showing an Email Request arriving at Your Company. (×) Fraudster and Your Company: replying to the email received is NG. (○) Your Company and Your business partner: the email is forwarded. Do not reply by "Reply", but by "Forward" after typing the right email address, i.e. the one listed on the name card.]
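
One way a mail-handling team could automate part of this check before anyone answers a payment request (an added example, not part of the bank's notice): it compares the sender with the address on file, flags a Reply-To that differs from the sender, and returns the on-file address to type in when using “Forward”. The directory, keyword lists, 0.8 similarity threshold and sample message are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: addresses copied from name cards or contracts (assumption).
TRUSTED = {"Company C": "accounts@company-c.example"}
PRESSURE = ("urgent", "confidential", "secret")
BANK_CHANGE = ("new bank details", "bank account", "change of bank")

# Constructed sample modelled on the Type 1 case study (note the "rn" in the domain).
SAMPLE = (
    "From: Company C <accounts@cornpany-c.example>\n"
    "Reply-To: payments@mailbox.example\n"
    "Subject: New bank details\n"
    "\n"
    "Our bank account has been suspended. New bank details are as follows.\n"
    "Please complete your remittance very urgently.\n"
)

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def assess(raw, partner, trusted=TRUSTED):
    """Return (findings, confirm_to) for an email claiming to come from `partner`."""
    msg = message_from_string(raw)
    known = trusted[partner].lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    findings = []
    if sender != known:
        sim = difflib.SequenceMatcher(None, domain(sender), domain(known)).ratio()
        kind = "lookalike domain" if 0.8 <= sim < 1.0 else "address not in directory"
        findings.append(f"{kind}: {sender}")
    if reply_to and reply_to != sender:
        findings.append(f"reply-to differs from sender: {reply_to}")
    if any(k in text for k in BANK_CHANGE):
        findings.append("requests change of bank details")
    if any(k in text for k in PRESSURE):
        findings.append("pressure wording (urgent/confidential)")
    # Confirmation goes to the on-file address, never to one taken from the message.
    return findings, known

if __name__ == "__main__":
    found, confirm_to = assess(SAMPLE, "Company C")
    for item in found:
        print("FLAG:", item)
    print("Forward for confirmation to:", confirm_to)
```

Any finding is a reason to hold the remittance and confirm by telephone first; an empty list does not prove the message is genuine, since a hacked mailbox sends from the correct address.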
3. What to be checked before applying for remittance
If anything on the checklist below is applicable, you are recommended to suspend the remittance. Anything suspicious is to be clarified as to whether it is absence or presence of problems.
a. Did you receive an email requesting you to transfer funds soon, indicating “Urgent” etc.?
b. Were you instructed to transfer funds to a bank account to which you had not sent funds before? (For example, the bank is located in a country and/or region that seemed to be strange.)
c. Do you find that the currency is not the home currency of the country to be remitted to? (For example, you are instructed to remit funds in USD to a bank in UK.)
d. Are you still at the stage where you have not directly contacted your beneficiary by telephone, etc. other than email?
e. Are you still at the stage where you have not had anyone check the details of the invoice related to the fund transfer you are going to apply for?
f. When you reply to an email from someone, do you do so by hitting the reply button?
g. Are you still at the stage where you have not consulted nor shared information with anyone within your company, including other staff of a different department?
h. Are you still at the stage where you have not conducted antivirus measures on your PC, etc.?
If you detect that you are (possibly) defrauded by the crime, please contact our bank or your local police.
Thank you for your kind attention and cooperation.
The Bank of Tokyo-Mitsubishi UFJ, Ltd
Jakarta Branch
Surabaya Sub Branch