Search site

GFIU Header Image 1

RISK WARNING: Increased Use of Compromised E-Mail Accounts to Commit Fraud

The Financial Investigation Unit are aware that there has been an increase in the number of attempted, and in some cases successful, frauds on customer bank accounts held with local financial institutions. This has occurred via the use of compromised e-mail accounts or through the "piggy-backing" of e-mails. These fraudulent attempts are being made across a wide range of financial institutions with, as yet, no identified pattern as to how customer e-mail accounts are being accessed.

The common characteristics of this activity appear to be the following:  a financial institution will receive an e-mail allegedly from one of its existing customers.  The email is designed to give the impression that it has been written and sent directly from the customer.  The e-mail typically requests that funds (often in amounts that would ordinarily not give rise to additional scrutiny), be paid away to another account held in another jurisdiction. In some cases the account has been in the client's name, but is in actual fact controlled by the fraudster.

The FIU has consulted with the GFSC and drafted the following measures, which businesses should consider adopting in order to manage this risk:

   · Due to the non-face-to-face nature of email instructions, businesses should be aware of the risks of e-mails being used for identification fraud.     

   · When an instruction is received by e-mail, businesses should ensure that they verify those instructions via a telephone call to a party authorised to give instructions.  This should occur whether the instruction is to change the details of a customer or to transfer funds to or from an account.

   · Any e-mail address should be validated against existing records. Further enquiries should be undertaken if the email address is not familiar, or has not been previously used to correspond with the business.

   · Any requests for payments to accounts based in jurisdictions where business has not previously been undertaken by the customer; which is not consistent with the expected activity of the customer or whether there is a recognised heightened risk of corruption, bribery; or where there is a known risk of poor or weak AML/CFT measures, should be subject to additional enquiries and verification prior to any payment being processed. Where there is uncertainty, the matter should be canvassed with a member of senior management and where a suspicion is formed, with the MLRO or Nominated Officer.

If you believe that you have received a request of this nature or that client funds have erroneously been paid to fraudsters, businesses are encouraged to notify the appropriate authorities through their MLRO's submitting a Disclosure via Themis in accordance with the Disclosure (Bailiwick of Guernsey) Law, 2007. The contact number for the Financial Intelligence Service is 01481 714081. If you are unable to report via Themis then attempts to defraud in this nature can also be reported by emailing all the details to You can also find useful information on fraud prevention at .